CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.

CVSS

No CVSS.

References

Link	Resource
https://github.com/eclipse-openj9/openj9/pull/21762
https://gitlab.eclipse.org/security/cve-assignement/-/issues/61

Configurations

No configuration.

History

12 May 2025, 17:32

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 21:15

Updated : 2025-05-12 17:32

NVD link : CVE-2025-4447

Mitre link : CVE-2025-4447

CVE.ORG link : CVE-2025-4447

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-4447", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-09T21:15:51.410", "references": [{"url": "https://github.com/eclipse-openj9/openj9/pull/21762", "source": "emo@eclipse.org"}, {"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61", "source": "emo@eclipse.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts."}, {"lang": "es", "value": "En versiones de Eclipse OpenJ9 hasta la 0.51, cuando se utiliza con OpenJDK versi\u00f3n 8, se puede producir un desbordamiento de b\u00fafer basado en pila al modificar un archivo en el disco que se lee cuando se inicia la JVM."}], "lastModified": "2025-05-12T17:32:32.760", "sourceIdentifier": "emo@eclipse.org"}

CVE-2025-4447

JSON object

Attach tags to CVE-2025-4447

Attach tags to `CVE-2025-4447`