Mageia 9: 2025-0042 critical: Java SE unauthorized access

February 7, 2025

Summary

A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible data. This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the Internet) and rely on the Java sandbox for security. (CVE-2025-21502)

References

- https://bugs.mageia.org/show_bug.cgi?id=33954

- https://access.redhat.com/errata/RHBA-2025:0418

- https://access.redhat.com/errata/RHSA-2025:0429

- https://access.redhat.com/errata/RHSA-2025:0422

- https://www.oracle.com/security-alerts/cpujan2025.html#AppendixJAVA

- https://www.cve.org/CVERecord?id=CVE-2025-21502

Resolution

SRPMS

- 9/core/java-17-openjdk-17.0.14.0.7-1.mga9

- 9/core/java-11-openjdk-11.0.26.0.4-1.mga9

- 9/core/java-1.8.0-openjdk-1.8.0.442.b06-1.mga9

- 9/core/java-latest-openjdk-23.0.2.0.7-1.rolling.1.mga9
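To confirm a host carries the fixed builds, the installed OpenJDK packages can be compared against the SRPMS list above. The following is an added example, not part of the Mageia advisory: it assumes input in the form printed by `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`, ignores epochs and the `~`/`^` version markers, and the installed versions in `SAMPLE` are constructed.

```python
import re

# Fixed source packages, copied from the SRPMS list in the advisory.
FIXED_SRPMS = [
    "9/core/java-17-openjdk-17.0.14.0.7-1.mga9",
    "9/core/java-11-openjdk-11.0.26.0.4-1.mga9",
    "9/core/java-1.8.0-openjdk-1.8.0.442.b06-1.mga9",
    "9/core/java-latest-openjdk-23.0.2.0.7-1.rolling.1.mga9",
]

def split_nvr(nvr):
    # 'java-17-openjdk-17.0.14.0.7-1.mga9' -> (name, version, release)
    return tuple(nvr.rsplit("-", 2))

def rpmvercmp(a, b):
    """Segment-wise comparison following rpm's ordering rules (simplified)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():   # a numeric segment is newer than an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)        # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

FIXED = {n: (v, r) for n, v, r in (split_nvr(s.rsplit("/", 1)[1]) for s in FIXED_SRPMS)}

def audit(rpm_output):
    """Return sorted (binary package, source NVR) pairs built from a pre-fix SRPM."""
    stale = set()
    for line in rpm_output.splitlines():
        pkg, _, srpm = line.strip().partition(" ")
        if not srpm.endswith(".src.rpm"):
            continue
        name, version, release = split_nvr(srpm[: -len(".src.rpm")])
        # Packages not named in the advisory compare against themselves (never stale).
        fv, fr = FIXED.get(name, (version, release))
        if (rpmvercmp(version, fv) or rpmvercmp(release, fr)) < 0:
            stale.add((pkg, f"{name}-{version}-{release}"))
    return sorted(stale)

# Constructed sample of: rpm -qa --qf '%{NAME} %{SOURCERPM}\n'
SAMPLE = """\
java-17-openjdk-headless java-17-openjdk-17.0.13.0.11-1.mga9.src.rpm
java-11-openjdk java-11-openjdk-11.0.26.0.4-1.mga9.src.rpm
java-1.8.0-openjdk java-1.8.0-openjdk-1.8.0.432.b06-1.mga9.src.rpm
bash bash-5.2.15-3.mga9.src.rpm
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Matching on the source RPM name also catches subpackages such as `-headless` that are built from the same SRPM.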

Severity: critical

Publication date: 07 Feb 2025
URL: https://advisories.mageia.org/MGASA-2025-0042.html
Type: security
CVE: CVE-2025-21502