CVE-2025-30761: 
Amazon Corretto JDK vulnerability analysis and mitigation

A vulnerability was discovered in Oracle Java SE and Oracle GraalVM Enterprise Edition's Scripting component. The affected versions include Oracle Java SE versions 8u451, 8u451-perf, and 11.0.27, as well as Oracle GraalVM Enterprise Edition version 21.3.14. This vulnerability was disclosed on July 15, 2025, and received a CVSS 3.1 Base Score of 5.9 (Medium severity) (NVD, Oracle Alert).

The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) and allows unauthenticated attackers with network access to compromise the affected systems via multiple protocols. The CVSS vector string is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility with high attack complexity, no privileges required, no user interaction needed, unchanged scope, and high impact on integrity (NVD).

Successful exploitation of this vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Java SE and Oracle GraalVM Enterprise Edition accessible data. The vulnerability can be exploited through APIs in the specified Component, such as through a web service which supplies data to the APIs (NVD).

Oracle has released security patches to address this vulnerability. Users are advised to upgrade to the latest versions that include the fix patch. Red Hat has also released updates for affected products through RHSA-2025:10861 and RHSA-2025:10863 advisories (Red Hat Advisory, Oracle Alert).