CVE-2025-50063

Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2025.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:jdk:1.8.0:update451:::-:::*
	cpe:2.3:a:oracle:jre:1.8.0:update451:::-:::*

History

04 Aug 2025, 21:17

Type	Values Removed	Values Added
First Time		Oracle Oracle jdk Oracle jre
CPE		cpe:2.3:a:oracle:jdk:1.8.0:update451:::-:::* cpe:2.3:a:oracle:jre:1.8.0:update451:::-:::*
CWE		NVD-CWE-noinfo
References	~~() https://www.oracle.com/security-alerts/cpujul2025.html -~~	() https://www.oracle.com/security-alerts/cpujul2025.html - Vendor Advisory

16 Jul 2025, 19:15

Type	Values Removed	Values Added
Summary	(en) Vulnerability in Oracle Java SE (component: Install). Supported versions that are affected are Oracle Java SE: 8u451 and 8u451-perf. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).	(en) Vulnerability in Oracle Java SE (component: Install). The supported version that is affected is Oracle Java SE: 8u451. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE executes to compromise Oracle Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Java SE. Note: Applies to installation process on client deployment of Java. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

16 Jul 2025, 14:59

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en Oracle Java SE (componente: Instalación). Las versiones compatibles afectadas son Oracle Java SE: 8u451 y 8u451-perf. Esta vulnerabilidad, fácilmente explotable, permite a un atacante con pocos privilegios, con acceso a la infraestructura donde se ejecuta Oracle Java SE, comprometer Oracle Java SE. Los ataques exitosos requieren la interacción humana de una persona distinta al atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle Java SE. Nota: Aplica al proceso de instalación en la implementación de cliente de Java. Puntuación base de CVSS 3.1: 7.3 (Afecta a la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

15 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-15 20:15

Updated : 2025-08-04 21:17

NVD link : CVE-2025-50063

Mitre link : CVE-2025-50063

CVE.ORG link : CVE-2025-50063

JSON object : View

Products Affected

oracle

CWE

NVD-CWE-noinfo

7.3 /10