USN-7252-1
- Source
- https://ubuntu.com/security/notices/USN-7252-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7252-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7252-1
- Upstream
- Related
- Published
- 2025-02-05T04:24:28.327667Z
- Modified
- 2025-10-13T04:39:41Z
- Summary
- openjdk-lts vulnerability
- Details
-
It was discovered that the Hotspot component of OpenJDK 11 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
- References
Affected packages
Ubuntu:Pro:18.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.26+4-1ubuntu1~18.04?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.26+4-1ubuntu1~18.04
Affected versions
9.*
9.0.4+12-2ubuntu4
9.0.4+12-4ubuntu1
Other
10~46-4ubuntu1
10~46-5ubuntu1
10.*
10.0.1+10-1ubuntu2
10.0.1+10-3ubuntu1
10.0.2+13-1ubuntu0.18.04.1
10.0.2+13-1ubuntu0.18.04.2
10.0.2+13-1ubuntu0.18.04.3
10.0.2+13-1ubuntu0.18.04.4
11.*
11.0.2+9-3ubuntu1~18.04.3
11.0.3+7-1ubuntu2~18.04.1
11.0.4+11-1ubuntu2~18.04.3
11.0.5+10-0ubuntu1.1~18.04
11.0.6+10-1ubuntu1~18.04.1
11.0.7+10-2ubuntu2~18.04
11.0.8+10-0ubuntu1~18.04.1
11.0.9+11-0ubuntu1~18.04.1
11.0.9.1+1-0ubuntu1~18.04
11.0.10+9-0ubuntu1~18.04
11.0.11+9-0ubuntu2~18.04
11.0.13+8-0ubuntu1~18.04
11.0.14+9-0ubuntu2~18.04
11.0.14.1+1-0ubuntu1~18.04
11.0.15+10-0ubuntu0.18.04.1
11.0.16+8-0ubuntu1~18.04
11.0.17+8-1ubuntu2~18.04
11.0.18+10-0ubuntu1~18.04.1
11.0.19+7~us1-0ubuntu1~18.04.1
11.0.20+8-1ubuntu1~18.04
11.0.20.1+1-0ubuntu1~18.04
11.0.21+9-0ubuntu1~18.04
11.0.22+7-0ubuntu2~18.04.1
11.0.23+9-1ubuntu1~18.04.1
11.0.25+9-1ubuntu1~18.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-demo"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-jdk"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-jdk-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-jre"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-jre-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-jre-zero"
},
{
"binary_version": "11.0.26+4-1ubuntu1~18.04",
"binary_name": "openjdk-11-source"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7252-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2025-21502"
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
Ubuntu:20.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.26+4-1ubuntu1~20.04?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.26+4-1ubuntu1~20.04
Affected versions
11.*
11.0.5+10-0ubuntu1
11.0.5+10-2ubuntu1
11.0.6+10-1ubuntu1
11.0.6+10-2ubuntu2
11.0.7+9-1ubuntu1
11.0.7+10-2ubuntu1
11.0.7+10-3ubuntu1
11.0.8+10-0ubuntu1~20.04
11.0.9+11-0ubuntu1~20.04
11.0.9.1+1-0ubuntu1~20.04
11.0.10+9-0ubuntu1~20.04
11.0.11+9-0ubuntu2~20.04
11.0.13+8-0ubuntu1~20.04
11.0.14+9-0ubuntu2~20.04
11.0.14.1+1-0ubuntu1~20.04
11.0.15+10-0ubuntu0.20.04.1
11.0.16+8-0ubuntu1~20.04
11.0.17+8-1ubuntu2~20.04
11.0.18+10-0ubuntu1~20.04.1
11.0.19+7~us1-0ubuntu1~20.04.1
11.0.20+8-1ubuntu1~20.04
11.0.20.1+1-0ubuntu1~20.04
11.0.21+9-0ubuntu1~20.04
11.0.22+7-0ubuntu2~20.04.1
11.0.23+9-1ubuntu1~20.04.2
11.0.24+8-1ubuntu3~20.04
11.0.25+9-1ubuntu1~20.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-demo"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-jdk"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-jdk-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-jre"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-jre-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-jre-zero"
},
{
"binary_version": "11.0.26+4-1ubuntu1~20.04",
"binary_name": "openjdk-11-source"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7252-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2025-21502"
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.26+4-1ubuntu1~22.04?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.26+4-1ubuntu1~22.04
Affected versions
11.*
11.0.12+7-0ubuntu3
11.0.13+8-0ubuntu1
11.0.14+9-0ubuntu2
11.0.14.1+1-0ubuntu1
11.0.15+10-0ubuntu0.22.04.1
11.0.16+8-0ubuntu1~22.04
11.0.17+8-1ubuntu2~22.04
11.0.18+10-0ubuntu1~22.04
11.0.19+7~us1-0ubuntu1~22.04.1
11.0.20+8-1ubuntu1~22.04
11.0.20.1+1-0ubuntu1~22.04
11.0.21+9-0ubuntu1~22.04
11.0.22+7-0ubuntu2~22.04.1
11.0.23+9-1ubuntu1~22.04.1
11.0.24+8-1ubuntu3~22.04
11.0.25+9-1ubuntu1~22.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-demo"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-jdk"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-jdk-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-jre"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-jre-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-jre-zero"
},
{
"binary_version": "11.0.26+4-1ubuntu1~22.04",
"binary_name": "openjdk-11-source"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7252-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2025-21502"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / openjdk-lts
Package
- Name
- openjdk-lts
- Purl
- pkg:deb/ubuntu/openjdk-lts@11.0.26+4-1ubuntu1~24.04?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed11.0.26+4-1ubuntu1~24.04
Affected versions
11.*
11.0.20+8-1ubuntu1
11.0.21+9-0ubuntu1
11.0.22+7-0ubuntu2
11.0.23~7ea-1ubuntu1
11.0.23~7ea-1ubuntu2
11.0.23+9-1ubuntu1
11.0.24+8-1ubuntu3~24.04.1
11.0.25+9-1ubuntu1~24.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-demo"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-jdk"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-jdk-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-jre"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-jre-headless"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-jre-zero"
},
{
"binary_version": "11.0.26+4-1ubuntu1~24.04",
"binary_name": "openjdk-11-source"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7252-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
],
"id": "CVE-2025-21502"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}