CVE-2025-61748: 
Amazon Corretto JDK vulnerability analysis and mitigation

CVE-2025-61748 is a vulnerability affecting Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition (component: Libraries). The affected versions include Oracle Java SE 21.0.8 and 25, Oracle GraalVM for JDK 21.0.8, and Oracle GraalVM Enterprise Edition 21.3.15. This vulnerability was disclosed in October 2025 (Oracle CPU).

The vulnerability is classified as difficult to exploit and allows unauthenticated attackers with network access via multiple protocols to compromise the affected components. It has a CVSS 3.1 Base Score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is associated with CWE-284 (Improper Access Control) (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of the accessible data in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The vulnerability can be exploited through APIs in the specified Component, such as through a web service which supplies data to the APIs (Oracle CPU).

Oracle has released security patches as part of the October 2025 Critical Patch Update. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply these Critical Patch Update security patches as soon as possible (Oracle CPU).