CVE-2025-0509

high

Description

Vulnerability in Oracle Java SE (component: Install (Sparkle)). The supported version that is affected is Oracle Java SE: 8u431. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Java SE, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Only applies to the macOS autoupdater. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

Details

Source: Mitre, NVD

Published: 2025-01-21

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:A/AC:H/Au:M/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Severity: High

Detections

Analytics