Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HDebian
OSDebian7.08.09.0Netapp Active Iq Unified Manager
APPNetapp≥ 7.3≥ 9.5Netapp Cloud Backup
APPNetappwszystkie wersjeNetapp Element Software
APPNetappwszystkie wersjeNetapp E Series Santricity Management Plug Ins
APPNetappwszystkie wersjeNetapp E Series Santricity Os Controller
APPNetapp11.0 – 11.70.1Netapp E Series Santricity Storage Manager
APPNetappwszystkie wersjeNetapp E Series Santricity Web Services
APPNetappwszystkie wersjeNetapp Oncommand Balance
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeNetapp Oncommand Performance Manager
APPNetappwszystkie wersjeNetapp Oncommand Shift
APPNetappwszystkie wersjeNetapp Oncommand Unified Manager
APPNetapp≤ 7.1Netapp Oncommand Workflow Automation
APPNetappwszystkie wersjeNetapp Plug In For Symantec Netbackup
APPNetappwszystkie wersjeNetapp Snapmanager
APPNetappwszystkie wersjeNetapp Steelstore Cloud Integrated Storage
APPNetappwszystkie wersjeNetapp Storage Replication Adapter For Clustered Data Ontap
APPNetapp≥ 7.2Netapp Vasa Provider For Clustered Data Ontap
APPNetapp6.0≥ 7.2Netapp Virtual Storage Console
APPNetapp6.0≥ 7.2Oracle JDK
APPOracle1.6.01.7.01.8.01.9.0Oracle Jre
APPOracle1.6.01.7.01.8.01.9.0Red Hat Enterprise Linux Desktop
OSRedhat6.07.0Red Hat Enterprise Linux Eus
OSRedhat7.47.57.67.7Red Hat Enterprise Linux Server
OSRedhat6.07.0Red Hat Enterprise Linux Server Aus
OSRedhat7.47.67.7Red Hat Enterprise Linux Server Tus
OSRedhat7.47.67.7Red Hat Enterprise Linux Workstation
OSRedhat6.07.0Red Hat Satellite
APPRedhat5.8
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki