RLSA-2025:21485

Source
https://errata.rockylinux.org/RLSA-2025:21485
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2025:21485.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2025:21485
Upstream
Published
2025-11-25T09:18:33.442635Z
Modified
2025-11-25T09:49:05.924953Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Moderate: java-25-openjdk security update
Details

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.

Security Fix(es):

  • JDK: Enhance Path Factories (CVE-2025-53066)

  • JDK: Enhance Certificate Handling (CVE-2025-53057)

  • JDK: Enhance String Handling (CVE-2025-61748)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Note that the OpenJDK 25 package does not yet include FIPS support. This is expected to be reinstated in a future update.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:10 / java-25-openjdk

Package

Name
java-25-openjdk
Purl
pkg:rpm/rocky-linux/java-25-openjdk?distro=rocky-linux-10&epoch=1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1:25.0.1.0.8-2.el10
Database specific
{
    "yum_repository": "AppStream"
}

Database specific

source
"https://storage.googleapis.com/resf-osv-data/RLSA-2025:21485.json"