Home

CVE-2025-53066

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.055

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 9.1Windows
Vulnerabilities CVE-2025-48976,CVE-2025-36099,CVE-2025-53066,CVE-2025-53057 are fixed in IBM WebSphere 8.5.5.29Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057 are fixed in Azul Zulu JDK 8 (MSI) 8.90.0.20Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057 are fixed in Azul Zulu JDK 8 (MSI) (x64) 8.90.0.20Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057 are fixed in Azul Zulu JDK 11 (MSI) (x64) 11.84.18Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057 are fixed in Azul Zulu JDK 17 17.62.18Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057 are fixed in Azul Zulu JDK 17 (x64) 17.62.18Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53057,CVE-2025-53066 are affected in Java SE Development Kit (x64) 8.0.4610.11Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53057,CVE-2025-53066 are affected in Java SE Development Kit 8.0.4610.11Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53057,CVE-2025-53066 are affected in Java Runtime Environment 1.8 (x64) 8.0.4610.11Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53057,CVE-2025-53066 are affected in Java Runtime Environment 1.8 8.0.4610.11Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066,CVE-2025-61748 are affected in Oracle GraalVM Enterprise Edition 21.3.15Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066,CVE-2025-61748 are affected in Java(TM) SE Development Kit 25 (MSI) (x64) 25Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057,CVE-2025-61748 are fixed in Azul Zulu JDK 21 (MSI) (x64) 21.46.22Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066,CVE-2025-61748 are affected in Java(TM) SE Development Kit 21 (x64) 21.0.8Windows
Vulnerabilities CVE-2025-31257,CVE-2025-53066,CVE-2025-53057,CVE-2025-61748 are fixed in Azul Zulu JDK 25 (MSI) (x64) 25.30.18Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 8.2Windows
Multiple Vulnerabilities are affected in IBM MQ 9.3.5.1Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 10.1Windows
Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 11.1Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.12Windows
Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.12.19Windows
Multiple Vulnerabilities are affected in IBM App Connect Enterprise 13.0.5.1Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in IBM MQ 9.1.0.32Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in IBM MQ 9.2.0.38Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in IBM MQ 9.3.0.35Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in IBM MQ 9.4.0.16Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in IBM MQ 9.4.4.0Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.1.16Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in Java SE Development Kit 11 (64-bit) 11.0.28Windows
Vulnerabilities CVE-2025-53057,CVE-2025-53066 are affected in Java SE Development Kit 17 17.0.16Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-352654Java SE Development Kit (x64) (8.0.4710.9) (Manual Upload Required)
PATCH-352653Java SE Development Kit (8.0.4710.9) (Manual Upload Required)
PATCH-352674Java(TM) SE Development Kit 25 (MSI) (x64) (25.0.1.0)
PATCH-352701Java(TM) SE Development Kit 21 (x64) (21.0.9)
PATCH-358388Java SE Development Kit 11 (64-bit) (11.0.31) (Manual Upload Required)
PATCH-358380Java SE Development Kit 17 (17.0.19) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234