{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T04:58:50.531","vulnerabilities":[{"cve":{"id":"CVE-2025-30691","sourceIdentifier":"secalert_us@oracle.com","published":"2025-04-15T21:15:58.360","lastModified":"2025-11-03T20:18:13.993","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle Java SE: 21.0.6, 24; Oracle GraalVM for JDK: 21.0.6 and  24. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data as well as  unauthorized read access to a subset of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."},{"lang":"es","value":"Vulnerabilidad en Oracle Java SE (componente: Compilador). Las versiones compatibles afectadas son Oracle Java SE: 21.0.6, 24; Oracle GraalVM para JDK: 21.0.6 y 24. Esta vulnerabilidad, difícil de explotar, permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos comprometer Oracle Java SE. Los ataques exitosos de esta vulnerabilidad pueden resultar en actualizaciones, inserciones o eliminaciones no autorizadas de algunos datos accesibles de Oracle Java SE, así como en accesos de lectura no autorizados a un subconjunto de dichos datos. Nota: Esta vulnerabilidad puede explotarse mediante el uso de las API del componente especificado, por ejemplo, a través de un servicio web que suministra datos a las API. Esta vulnerabilidad también afecta a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java en entornos aislados, que cargan y ejecutan código no confiable (por ejemplo, código proveniente de internet) y dependen del entorno aislado de Java para su seguridad. Puntuación base de CVSS 3.1: 4.8 (Afecta a la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."}],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm_for_jdk:21.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CA3EFE25-C32C-4C77-9322-FAC4890BFA56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:graalvm_for_jdk:24:*:*:*:*:*:*:*","matchCriteriaId":"1079F3AD-4178-44D9-92E9-C491DE07CD05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:21.0.6:*:*:*:*:*:*:*","matchCriteriaId":"2158B240-CEE8-4A42-8D77-79215BB94924"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:24:*:*:*:*:*:*:*","matchCriteriaId":"137F81E6-12BD-423B-9865-FB33D770337C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:21.0.6:*:*:*:*:*:*:*","matchCriteriaId":"39D7BAAF-CC85-4180-AC4B-40B26B876B3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:24:*:*:*:*:*:*:*","matchCriteriaId":"20E49340-B272-4BDE-AB0D-ECE7F5133B11"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*","matchCriteriaId":"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*","matchCriteriaId":"AD7447BC-F315-4298-A822-549942FC118B"}]}]}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuapr2025.html","source":"secalert_us@oracle.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20250418-0004/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}