{"id":"CVE-2025-21502","aliases":["BIT-java-2025-21502","BIT-java-min-2025-21502","BIT-jre-2025-21502"],"modified":"2026-05-18T05:59:11.734021662Z","published":"2025-01-21T20:52:56.446Z","related":["ALSA-2025:0422","ALSA-2025:0426","CGA-chc5-4fq5-g9w5","SUSE-SU-2025:0235-1","SUSE-SU-2025:0279-1","SUSE-SU-2025:0338-1","SUSE-SU-2025:0339-1","SUSE-SU-2025:0674-1","SUSE-SU-2025:0675-1","USN-7255-1","USN-7338-1","USN-7339-1","openSUSE-SU-2025:0066-1","openSUSE-SU-2025:0067-1","openSUSE-SU-2025:14682-1","openSUSE-SU-2025:14685-1","openSUSE-SU-2025:14686-1","openSUSE-SU-2025:14747-1","openSUSE-SU-2025:14748-1","openSUSE-SU-2025:14755-1","openSUSE-SU-2025:14824-1"],"database_specific":{"cna_assigner":"oracle","unresolved_ranges":[{"extracted_events":[{"last_affected":"Oracle Java SE:8u431-perf"},{"last_affected":"Oracle Java SE:11.0.25"},{"last_affected":"Oracle Java SE:17.0.13"},{"last_affected":"Oracle Java SE:21.0.5"},{"last_affected":"Oracle Java SE:23.0.1"},{"last_affected":"Oracle GraalVM for JDK:17.0.13"},{"last_affected":"Oracle GraalVM for JDK:21.0.5"},{"last_affected":"Oracle GraalVM for JDK:23.0.1"},{"last_affected":"Oracle GraalVM Enterprise Edition:20.3.16"},{"last_affected":"Oracle GraalVM Enterprise Edition:21.3.12"}],"source":"AFFECTED_FIELD"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21502.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/01/25/6"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00031.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/02/msg00004.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21502.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21502"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250124-0009/"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2025.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"5f0c2ee78ad738f96c63762c8464184ee63047ee"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"23.0.1"}],"cpe":["cpe:2.3:a:oracle:graalvm_for_jdk:23.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jdk:23.0.1:*:*:*:*:*:*:*","cpe:2.3:a:oracle:jre:23.0.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD"}}],"versions":["jdk-25.0.2","jdk-25.0.1","jdk-25.0.0","jdk-24.0.2","jdk-24.0.1","jdk-24.0.0","jdk-23.0.2","jdk-23.0.1","jdk-23.0.0","jdk-22.0.2","jdk-22.0.1","jdk-22.0.0","jdk-21.0.2","jdk-21.0.1","jdk-21.0.0","jdk-17.0.9","graal-23.0.2","jdk-20.0.2","jdk-17.0.8","graal-23.0.1","vm-ce-22.3.3","vm-22.3.3","jdk-20.0.1","jdk-17.0.7","graal-23.0.0","vm-22.3.2","vm-22.3.1","vm-22.3.0","vm-22.2.0","vm-21.3.3.1","vm-21.3.3","vm-22.1.0","vm-21.3.2","vm-20.3.6","vm-22.0.0.2","vm-21.3.1","vm-20.3.5","vm-ce-21.2.0","vm-20.0.0","vm-19.3.1","vm-19.3.0.2","vm-19.3.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21502.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}