Ubuntu: (Multiple Advisories) (CVE-2025-53057): OpenJDK 8 vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:C/A:N) | Oct 21, 2025 | Nov 26, 2025 | Dec 3, 2025 |
Description
Jinfeng Guo discovered that the Security component of OpenJDK 8 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of OpenJDK 8 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21
Solutions
References