USN-7883-1
- Source
- https://ubuntu.com/security/notices/USN-7883-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7883-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7883-1
- Upstream
- Related
- Published
- 2025-11-24T00:55:38.768921Z
- Modified
- 2025-11-26T10:46:28.708222Z
- Summary
- openjdk-17 vulnerabilities
- Details
-
Jinfeng Guo discovered that the Security component of OpenJDK 17 did not correctly handle certain representations of encoded strings. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of OpenJDK 17 was vulnerable to a XML External Entity (XEE) attack. An unauthenticated remote attacker could possibly use this issue to modify files or leak sensitive information. (CVE-2025-53066)
In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
- References
Affected packages
Ubuntu:22.04:LTS
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~22.04?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~22.04
Affected versions
Other
17+35-1
17.*
17.0.1+12-1
17.0.2+8-1
17.0.3+7-0ubuntu0.22.04.1
17.0.4+8-1~22.04
17.0.5+8-2ubuntu1~22.04
17.0.6+10-0ubuntu1~22.04
17.0.7+7~us1-0ubuntu1~22.04.2
17.0.8+7-1~22.04
17.0.8.1+1~us1-0ubuntu1~22.04
17.0.9+9-1~22.04
17.0.10+7-1~22.04.1
17.0.11+9-1~22.04.1
17.0.12+7-1ubuntu2~22.04
17.0.13+11-2ubuntu1~22.04
17.0.14+7-1~22.04.1
17.0.15+6~us1-0ubuntu1~22.04
17.0.16+8~us1-0ubuntu1~22.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~22.04"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~22.04"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~24.04?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~24.04
Affected versions
17.*
17.0.9~6ea-1
17.0.9+9-1
17.0.9+9-2
17.0.10~6ea-1
17.0.10+7-1
17.0.11~7ea-1
17.0.11~7ea-1build1
17.0.11+9-1
17.0.12+7-1ubuntu2~24.04
17.0.13+11-2ubuntu1~24.04
17.0.14+7-1~24.04
17.0.15+6~us1-0ubuntu1~24.04
17.0.16+8~us1-0ubuntu1~24.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~24.04"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~24.04"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
Ubuntu:25.04
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~25.04?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~25.04
Affected versions
17.*
17.0.12+7-2
17.0.13+11-2build1
17.0.14~6ea-1
17.0.14+7-1
17.0.15~4ea-1
17.0.15~5ea-1
17.0.15+6~us1-0ubuntu1~25.04
17.0.16+8~us1-0ubuntu1~25.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~25.04"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~25.04"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:25.04"
}
Ubuntu:25.10
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~25.10?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~25.10
Affected versions
17.*
17.0.15~5ea-1
17.0.15+6-1
17.0.16~5ea-1
17.0.16+8~us1-0ubuntu1
17.0.16+8-1
17.0.17~8ea-1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~25.10"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~25.10"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:25.10"
}
Ubuntu:Pro:18.04:LTS
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~18.04?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~18.04
Affected versions
17+35-1~18.*
17+35-1~18.04
17.*
17.0.1+12-1~18.04
17.0.2+8-1~18.04
17.0.3+7-0ubuntu0.18.04.1
17.0.4+8-1~18.04
17.0.5+8-2ubuntu1~18.04
17.0.6+10-0ubuntu1~18.04.1
17.0.7+7~us1-0ubuntu1~18.04
17.0.8+7-1~18.04
17.0.8.1+1~us1-0ubuntu1~18.04
17.0.9+9-1~18.04
17.0.10+7-1~18.04.1
17.0.11+9-1~18.04.1
17.0.13+11-2ubuntu1~18.04.2
17.0.14+7-1~18.04
17.0.15+6~us1-0ubuntu1~18.04
17.0.16+8~us1-0ubuntu1~18.04.1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~18.04"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~18.04"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:Pro:20.04:LTS
openjdk-17
Package
- Name
- openjdk-17
- Purl
- pkg:deb/ubuntu/openjdk-17@17.0.17+10-1~20.04?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed17.0.17+10-1~20.04
Affected versions
17+35-1~20.*
17+35-1~20.04
17.*
17.0.1+12-1~20.04
17.0.2+8-1~20.04
17.0.3+7-0ubuntu0.20.04.1
17.0.4+8-1~20.04
17.0.5+8-2ubuntu1~20.04
17.0.6+10-0ubuntu1~20.04.1
17.0.7+7~us1-0ubuntu1~20.04
17.0.8+7-1~20.04.2
17.0.8.1+1~us1-0ubuntu1~20.04
17.0.9+9-1~20.04
17.0.10+7-1~20.04.1
17.0.11+9-1~20.04.2
17.0.12+7-1ubuntu2~20.04
17.0.13+11-2ubuntu1~20.04
17.0.14+7-1~20.04
17.0.15+6~us1-0ubuntu1~20.04
17.0.16+8~us1-0ubuntu1~20.04.6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "openjdk-17-demo",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-jdk",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-jdk-headless",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-jre",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-jre-headless",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-jre-zero",
"binary_version": "17.0.17+10-1~20.04"
},
{
"binary_name": "openjdk-17-source",
"binary_version": "17.0.17+10-1~20.04"
}
]
}Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53057"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-53066"
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}