Expand or collapse sidebar Expand or collapse sidebar

GraalVM Vulnerability Advisories

Oracle takes security vulnerabilities seriously. If you have discovered a security vulnerability in GraalVM, please report it according to the Oracle vulnerability disclosure process.

This page provides information about security vulnerabilities that have been identified and addressed in GraalVM releases.

Security Updates

October 2025

The following vulnerabilities were fixed in this release.

CVE ID Product Component Protocol Remote Exploit
without Auth.?		 CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score		 Attack
Vector		 Attack
Complex		 Privs
Required		 User
Interaction		 Scope Confidentiality Integrity Availability
CVE-2025-53057 Oracle GraalVM,
Oracle GraalVM Enterprise Edition		 Security Multiple Yes 5.9 Network High None None Unchanged None High None
  • Oracle GraalVM 25.0
  • Oracle GraalVM:
    • For JDK 21.0.8 (23.1.8)
    • For JDK 17.0.16 (23.0.9)
  • Oracle GraalVM Enterprise Edition:
    • 21.3.15
CVE-2025-53066 Oracle GraalVM,
Oracle GraalVM Enterprise Edition		 JAXP Multiple Yes 4.8 Network High None None Unchanged Low None Low
  • Oracle GraalVM 25.0
  • Oracle GraalVM:
    • For JDK 21.0.8 (23.1.8)
    • For JDK 17.0.16 (23.0.9)
  • Oracle GraalVM Enterprise Edition:
    • 21.3.15
CVE-2025-61755 Oracle GraalVM Compiler Multiple Yes 3.7 Network High None None Unchanged Low None None
  • Oracle GraalVM 25.0
  • Oracle GraalVM:
    • For JDK 21.0.8 (23.1.8)
    • For JDK 17.0.16 (23.0.9)
CVE-2025-61748 Oracle GraalVM,
Oracle GraalVM Enterprise Edition		 Libraries Multiple Yes 3.7 Network High None None Unchanged None Low None
  • Oracle GraalVM 25.0
  • Oracle GraalVM:
    • For JDK 21.0.8 (23.1.8)
  • Oracle GraalVM Enterprise Edition:
    • 21.3.15

Staying Informed

To stay informed about GraalVM security updates:

  1. Subscribe to Oracle Security Alerts: Sign up for notifications at Oracle Security Alerts
  2. Monitor GraalVM Release Notes: Check the GraalVM Release Notes for security-related updates
  3. Follow GraalVM Community: Join the GraalVM community for announcements

Connect with us