CVE-2025-53066: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE
high · vulnerability · security
Summary
A vulnerability (CVE-2025-53066) exists in Oracle Java SE and related products, affecting multiple versions including Java 8, 11, 17, 21, and 25. An attacker with network access can exploit this flaw in the JAXP component (a Java library for processing XML data) without needing to log in, potentially gaining unauthorized access to sensitive data. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 7.5, indicating it is a serious threat.
Vulnerability Details
CVSS Score
7.5 (high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Trivial
Impact (CIA+S)
confidentiality
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53066
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 65%