CVE Alert: CVE-2025-53066 – Oracle Corporation – Oracle Java SE
CVE-2025-53066
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
AI Summary Analysis
Risk verdict
High risk: a remotely exploitable, unauthenticated vulnerability in Oracle Java SE and GraalVM that warrants prompt patching, subject to KEV/SSVC exploitation status.
Why this matters
The flaw allows an unauthenticated remote attacker to read data on affected runtimes without user interaction, putting the confidentiality of data handled by Java services and API endpoints at risk. In organisations relying on Java-based microservices, cloud deployments or client deployments that load untrusted code, an attacker could exfiltrate sensitive information and broaden access across the environment.
Most likely attack path
Exploitation requires network access with no privileges and no user interaction. Attackers would leverage exposed APIs or web services using JAXP components to trigger the vulnerability, potentially via data feeds or untrusted code execution in sandboxed Java deployments, leading to data exposure.
Who is most exposed
Organisations deploying Oracle Java SE or GraalVM in server-side, cloud, or client environments with openly reachable API surfaces are most at risk; systems exposing JAXP-related functionality or web services are particularly vulnerable.
Detection ideas
- Unusual outbound data transfers from affected Java processes to external endpoints.
- Surges in traffic to exposed Java APIs or JAXP endpoints without corresponding legitimate activity.
- Repeated failed or anomalous API calls attempting to load external or untrusted code.
- Security events indicating attempts to access high-confidentiality data via affected paths.
- Sandbox/Java security manager alerts linked to data retrieval endpoints.
Mitigation and prioritisation
- Apply patches to the affected Java SE and GraalVM versions as soon as available; test in staging before production.
- If patching is delayed, restrict exposed API surfaces, segment networks, and deploy WAF rules to block anomalous API activity.
- Review and harden API authentication/authorisation around JAXP usage; disable untrusted code loading where feasible.
- Monitor for data exfiltration indicators and unusual API calls; enforce strict logging and alerting.
- Change-management: coordinate patch windows with IT security; have a rollback plan.
- Prioritisation note: KEV status and EPSS score are not provided; if KEV is true or EPSS ≥ 0.5, treat as priority 1.