CVE-2025-61748: 
OpenJDK JDK vulnerability analysis and mitigation

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). The affected versions include Oracle Java SE: 21.0.8 and 25, Oracle GraalVM for JDK: 21.0.8, and Oracle GraalVM Enterprise Edition: 21.3.15. This vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise the affected components (Oracle CPU).

The vulnerability is classified as difficult to exploit and can be accessed through multiple protocols. It has received a CVSS 3.1 Base Score of 3.7 (Integrity impacts) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability can be exploited using APIs in the specified Component, such as through a web service which supplies data to the APIs. It particularly affects Java deployments running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code from the internet and rely on the Java sandbox for security (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of the accessible data in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. The impact is primarily focused on data integrity, with no direct effects on confidentiality or availability (Oracle CPU).

Oracle has released patches for the affected versions as part of their October 2025 Critical Patch Update. Users are strongly advised to apply these security patches without delay to mitigate the risk. The patches are available for Oracle Java SE versions 21.0.8 and 25, Oracle GraalVM for JDK version 21.0.8, and Oracle GraalVM Enterprise Edition version 21.3.15 (Oracle CPU).