USN-7254-1
- Source
- https://ubuntu.com/security/notices/USN-7254-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7254-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7254-1
- Upstream
- Related
- Published
- 2025-02-05T04:27:07.847545Z
- Modified
- 2025-10-13T04:39:41Z
- Summary
- openjdk-21 vulnerability
- Details
-
It was discovered that the Hotspot component of OpenJDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
- References
Affected packages
Ubuntu:20.04:LTS / openjdk-21
Package
- Name
- openjdk-21
- Purl
- pkg:deb/ubuntu/openjdk-21@21.0.6+7-1~20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed21.0.6+7-1~20.04.1
Affected versions
21.*
21.0.1+12-2~20.04.1
21.0.2+13-1~20.04.1
21.0.3+9-1ubuntu1~20.04.1
21.0.4+7-1ubuntu2~20.04
21.0.5+11-1ubuntu1~20.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-demo"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-jdk"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-jdk-headless"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-jre"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-jre-headless"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-jre-zero"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-source"
},
{
"binary_version": "21.0.6+7-1~20.04.1",
"binary_name": "openjdk-21-testsupport"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7254-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2025-21502",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
Ubuntu:22.04:LTS / openjdk-21
Package
- Name
- openjdk-21
- Purl
- pkg:deb/ubuntu/openjdk-21@21.0.6+7-1~22.04.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed21.0.6+7-1~22.04.1
Affected versions
21.*
21.0.1+12-2~22.04
21.0.2+13-1~22.04.1
21.0.3+9-1ubuntu1~22.04.1
21.0.4+7-1ubuntu2~22.04
21.0.5+11-1ubuntu1~22.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-demo"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-jdk"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-jdk-headless"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-jre"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-jre-headless"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-jre-zero"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-source"
},
{
"binary_version": "21.0.6+7-1~22.04.1",
"binary_name": "openjdk-21-testsupport"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7254-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2025-21502",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / openjdk-21
Package
- Name
- openjdk-21
- Purl
- pkg:deb/ubuntu/openjdk-21@21.0.6+7-1~24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed21.0.6+7-1~24.04.1
Affected versions
Other
21+35-1
21.*
21.0.1+12-2
21.0.1+12-3
21.0.2+13-1
21.0.2+13-2
21.0.3~7ea-1
21.0.3~7ea-1build1
21.0.3~7ea-1build2
21.0.3+9-1
21.0.3+9-1ubuntu1
21.0.4+7-1ubuntu2~24.04
21.0.5+11-1ubuntu1~24.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-demo"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-jdk"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-jdk-headless"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-jre"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-jre-headless"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-jre-zero"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-source"
},
{
"binary_version": "21.0.6+7-1~24.04.1",
"binary_name": "openjdk-21-testsupport"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7254-1.json"
cves_map
{
"cves": [
{
"id": "CVE-2025-21502",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
},
{
"type": "Ubuntu",
"score": "medium"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}