Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: java-1_8_0-openjdk Important Network Access Risks CVE-2025-30749

suse
Calendar Grey September 15, 2025
Dist Suse Esm H88
SUSE unveils significant security patch for java-1_8_0-openjdk, tackling severe weaknesses and issues.
* bsc#1246580 * bsc#1246584 * bsc#1246595 * bsc#1246598 * bsc#1246806

Summary

## This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u462 (icedtea-3.36.0). Security issues fixed: * CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595). * CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598). * CVE-2025-30761: issue in Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580). * CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker

References

* bsc#1246580

* bsc#1246584

* bsc#1246595

* bsc#1246598

* bsc#1246806

Cross-

* CVE-2025-30749

* CVE-2025-30754

* CVE-2025-30761

* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-30749 ( SUSE ): 7.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-30749 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-30754 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-30754 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:03224-1
Release Date: 2025-09-15T11:38:07Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here