Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime

Summary This bulletin for IBM Semeru Runtime covers all applicable Java SE CVEs published by OpenJDK as part of their July 2025 Vulnerability Advisory. For more information please refer to OpenJDK's July 2025 Vulnerability Advisory and the CVE links below. Vulnerability Details CVEID:CVE-2025-500...

The vulnerability of the Sparkle framework on the Oracle Java SE software platform arises from the ability to expose files or directories to external parties. This allows a perpetrator to bypass the signature verification mechanism and gain full control over the application.

The vulnerability of the Sparkle framework on the Oracle Java SE software platform relates to the exposure of files or directories to external parties. Exploiting this vulnerability could allow an attacker to bypass the EdDSA signature verification and gain full control over the application...

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2025-2940)

The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.28+6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2940 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product...

K000152832: Oracle Java SE vulnerability CVE-2025-30754

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for...

K000152831: Oracle Java SE vulnerability CVE-2025-50059

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for...

Important: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...

K000152803: Oracle Java SE vulnerability CVE-2025-50106

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JD...

K000152802: Oracle Java SE vulnerability CVE-2025-30752

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. The supported version that is affected is Oracle Java SE: 24.0.1; Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated...

ROS-20250729-04

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with access control errors. JDK and Oracle GraalVM Enterprise Edition virtual machines is related to access control errors...

ROS-20250729-02

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with access control errors. JDK and Oracle GraalVM Enterprise Edition virtual machines is related to access control errors...

ROS-20250729-03

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with access control errors. JDK and Oracle GraalVM Enterprise Edition virtual machines is related to access control errors...

ROS-20250729-05

A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with access control errors. JDK and Oracle GraalVM Enterprise Edition virtual machines is related to access control errors...

K000152716: Oracle Java SE vulnerability CVE-2025-30761

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to...

K000152715: Oracle Java SE vulnerability CVE-2025-30749

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JD...

K000152714: Oracle Java SE vulnerability CVE-2025-50063

Security Advisory Description Vulnerability in Oracle Java SE component: Install. The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Ja...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1)

The version of AOS installed on the remote host is prior to 7.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1 advisory. - BZ2decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-12900 -...

openjdk: Improve scripting supports (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Scripting. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf and 11.0.27; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows...

openjdk: Better Glyph drawing (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...