CVE-2025-50065 in GraalVM for JDK
Summary
by MITRE • 07/15/2025
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
Analysis
by VulDB Data Team • 11/28/2025
The vulnerability identified as CVE-2025-50065 affects Oracle GraalVM for JDK version 24.0.1, specifically within the Native Image component of the Java SE platform. This represents a significant security concern for organizations utilizing GraalVM technology for native application compilation and deployment. The vulnerability resides in the native image generation process, which is designed to create standalone executables from Java applications, enabling faster startup times and reduced memory consumption. The affected component operates as part of Oracle's broader Java SE ecosystem and is particularly relevant for enterprises deploying high-performance applications that leverage GraalVM's ahead-of-time compilation capabilities.
This security flaw manifests as a difficult-to-exploit vulnerability that can be leveraged by unauthenticated remote attackers through HTTP network connections. The CVSS score of 3.7 indicates a low to medium severity classification, with the primary impact focused on availability rather than confidentiality or integrity. The vulnerability's attack vector requires network access via HTTP, suggesting that applications or services running on GraalVM that expose HTTP endpoints could be susceptible to exploitation. The complexity of exploitation indicates that attackers would need to overcome certain technical barriers, but the availability impact suggests that successful exploitation could result in partial denial of service conditions that disrupt normal system operations.
The operational impact of this vulnerability extends beyond simple service disruption, as it specifically targets the availability aspect of the affected system. A successful partial denial of service attack could compromise the ability of applications built using GraalVM Native Image to function properly, potentially affecting critical business applications that rely on these high-performance compiled executables. The vulnerability's classification as a partial DOS indicates that while complete system compromise is not guaranteed, the disruption could be substantial enough to impact business operations and user experience. Organizations running applications that utilize GraalVM's native image capabilities must consider this vulnerability's potential to affect their operational continuity and performance metrics.
Mitigation strategies should focus on immediate patch management and network segmentation approaches to limit exposure. Organizations running Oracle GraalVM for JDK 24.0.1 should prioritize updating to a patched or newer release that addresses this vulnerability. Network-level controls, including firewalls and access controls, should be implemented to restrict HTTP access to GraalVM components where possible. Additionally, monitoring systems should be enhanced to detect unusual patterns in HTTP traffic that might indicate exploitation attempts. The vulnerability aligns with CWE-200 (Information Exposure) and potentially CWE-400 (Uncontrolled Resource Consumption), while its exploitation patterns could map to ATT&CK techniques involving service disruption and availability attacks. Security teams should also consider implementing runtime protection mechanisms and application whitelisting to reduce the attack surface and prevent unauthorized access to vulnerable components.