Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 730
Alerts This Week
Warning Icon 1 730

Ubuntu 25.10: OpenJDK 8 Critical XML External Entity Attack USN-7881-1

ubuntu
Calendar Grey November 25, 2025
Dist Ubuntu Esm H88
Multiple security issues in OpenJDK 8 affect Ubuntu. Critical updates necessary for secure operations.
Several security issues were fixed in OpenJDK 8.

Summary

Several security issues were fixed in OpenJDK 8.

Software Description:

- openjdk-8: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 8 did not

correctly handle certain representations of encoded strings. An

unauthenticated remote attacker could possibly use this issue to modify

files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 8 was

vulnerable to a XML External Entity (XEE) attack. An unauthenticated

remote attacker could possibly use this issue to modify files or leak

sensitive information. (CVE-2025-53066)

In addition to security fixes, the updated packages contain bug fixes, new

features, and possibly incompatible changes.

Please see the following for more information:

https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  openjdk-8-jdk                   8u472-ga-1~25.10
  openjdk-8-jdk-headless          8u472-ga-1~25.10
  openjdk-8-jre                   8u472-ga-1~25.10
  openjdk-8-jre-headless          8u472-ga-1~25.10
  openjdk-8-jre-zero              8u472-ga-1~25.10

Ubuntu 25.04
  openjdk-8-jdk                   8u472-ga-1~25.04
  openjdk-8-jdk-headless          8u472-ga-1~25.04
  openjdk-8-jre                   8u472-ga-1~25.04
  openjdk-8-jre-headless          8u472-ga-1~25.04
  openjdk-8-jre-zero              8u472-ga-1~25.04

Ubuntu 24.04 LTS
  openjdk-8-jdk                   8u472-ga-1~24.04
  openjdk-8-jdk-headless          8u472-ga-1~24.04
  openjdk-8-jre                   8u472-ga-1~24.04
  openjdk-8-jre-headless          8u472-ga-1~24.04
  openjdk-8-jre-zero              8u472-ga-1~24.04

Ubuntu 22.04 LTS
  openjdk-8-jdk                   8u472-ga-1~22.04
  openjdk-8-jdk-headless          8u472-ga-1~22.04
  openjdk-8-jre                   8u472-ga-1~22.04
  openjdk-8-jre-headless          8u472-ga-1~22.04
  openjdk-8-jre-zero              8u472-ga-1~22.04

Ubuntu 20.04 LTS
  openjdk-8-jdk                   8u472-ga-1~20.04
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u472-ga-1~20.04
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u472-ga-1~20.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u472-ga-1~20.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u472-ga-1~20.04
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  openjdk-8-jdk                   8u472-ga-1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u472-ga-1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u472-ga-1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u472-ga-1~18.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u472-ga-1~18.04
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  openjdk-8-jdk                   8u472-ga-1~16.04
                                  Available with Ubuntu Pro
  openjdk-8-jdk-headless          8u472-ga-1~16.04
                                  Available with Ubuntu Pro
  openjdk-8-jre                   8u472-ga-1~16.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-headless          8u472-ga-1~16.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-jamvm             8u472-ga-1~16.04
                                  Available with Ubuntu Pro
  openjdk-8-jre-zero              8u472-ga-1~16.04
                                  Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7881-1

CVE-2025-53057, CVE-2025-53066

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7881-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.