CVE-2025-21587

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Apr 15, 2025

Updated: Apr 29, 2025

CWE ID 284

Summary

CVE-2025-21587 is a vulnerability affecting multiple versions of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. This issue, located in the JSSE component, is classified as difficult to exploit and allows unauthenticated attackers to compromise these products via multiple protocols. Successful attacks may result in unauthorized access to critical data or complete access to all data for affected systems. The vulnerability can be exploited through APIs in the specified components, making Java deployments, especially those running sandboxed Java Web Start applications or applets, particularly susceptible. The CVSS Base Score is 7.4, indicating high confidentiality and integrity risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle Java SE
Oracle Graalvm For Jdk
Oracle GraalVM Enterprise Edition

Affected Vendors

Oracle

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners