CVE-2025-50063

Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2025.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.8.0:update451:::-:::*
	cpe:2.3:a:oracle:jre:1.8.0:update451:::-:::*

History

04 Aug 2025, 21:17

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:jdk:1.8.0:update451:::-:::* cpe:2.3:a:oracle:jre:1.8.0:update451:::-:::*
References	~~() https://www.oracle.com/security-alerts/cpujul2025.html -~~	() https://www.oracle.com/security-alerts/cpujul2025.html - Vendor Advisory
CWE		NVD-CWE-noinfo
First Time		Oracle jdk Oracle jre Oracle

16 Jul 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-15 20:15

Updated : 2025-08-04 21:17

NVD link : CVE-2025-50063

Mitre link : CVE-2025-50063

CVE.ORG link : CVE-2025-50063

JSON object : View

Products Affected

oracle

jdk
jre

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-50063", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}]}, "published": "2025-07-15T20:15:40.850", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2025.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en Oracle Java SE (componente: Instalaci\u00f3n). Las versiones compatibles afectadas son Oracle Java SE: 8u451 y 8u451-perf. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante con pocos privilegios, con acceso a la infraestructura donde se ejecuta Oracle Java SE, comprometer Oracle Java SE. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle Java SE. Nota: Aplica al proceso de instalaci\u00f3n en la implementaci\u00f3n de cliente de Java. Puntuaci\u00f3n base de CVSS 3.1: 7.3 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."}], "lastModified": "2025-08-04T21:17:23.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update451:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EA1F75F8-90CF-4FA2-89F7-C212649D19AE"}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update451:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "8624EF0D-ECED-435E-854E-7CE8B70B38C3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}