OpenJDK Vulnerability Advisory: 2025/07/15
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 24.0.1, 21.0.7, 17.0.15, 11.0.27, 8u452, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| CVE ID | Component | CVSSv3.1 Vector | Affects 8 | Affects 11 | Affects 17 | Affects 21 | Affects 24 |
|---|---|---|---|---|---|---|---|
| CVE-2025-50059 | core-libs/java.net | 8.6 NLNNCHNN | • | • | • | • | |
| CVE-2025-30749 | client-libs/2d | 8.1 NHNNUHHH | • | • | • | • | • |
| CVE-2025-50106 | client-libs/2d | 8.1 NHNNUHHH | • | • | • | • | • |
| CVE-2025-30761 | core-libs/javax.script | 5.9 NHNNUNHN | • | • | | | |
| CVE-2025-30754 | security-libs/javax.net.ssl | 4.8 NHNNULLN | • | • | • | • | • |
OpenJFX Risk matrix
| CVE ID | Component | CVSSv3.1 Vector | Affects 17 | Affects 21 | Affects 24 |
|---|---|---|---|---|---|
| CVE-2025-27113 | javafx/web | 7.5 NHNRUHHH | • | • | • |
| CVE-2025-24855 | javafx/web | 7.5 NHNRUHHH | • | • | • |
Acknowledgements
We acknowledge the following parties for their reports and contributions: Cheng Tianyi, Dong-uk Kim, Mashroor Hasan Bhuiyan, Shaun Spiller, and Violeta Georgieva.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, JDK 21 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.