CVE-2025-30736

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Published: Apr 15, 2025
Updated: Jul 13, 2025
CVE: CVE-2025-30736
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / java_virtual_machine	19.3	19.26.x
oracle / java_virtual_machine	21.3	21.17.x
oracle / java_virtual_machine	23.4	23.7.x

https://www.oracle.com/security-alerts/cpuapr2025.html

Vulnerability Database

CVE-2025-30736