CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/eclipse-openj9/openj9/pull/21762	Issue Tracking
https://gitlab.eclipse.org/security/cve-assignement/-/issues/61	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

History

31 Jul 2025, 16:12

Type	Values Removed	Values Added
First Time		Eclipse Eclipse openj9
References	~~() https://github.com/eclipse-openj9/openj9/pull/21762 -~~	() https://github.com/eclipse-openj9/openj9/pull/21762 - Issue Tracking
References	~~() https://gitlab.eclipse.org/security/cve-assignement/-/issues/61 -~~	() https://gitlab.eclipse.org/security/cve-assignement/-/issues/61 - Issue Tracking, Vendor Advisory
CPE		cpe:2.3:a:eclipse:openj9::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

12 May 2025, 17:32

Type	Values Removed	Values Added
Summary		(es) En versiones de Eclipse OpenJ9 hasta la 0.51, cuando se utiliza con OpenJDK versión 8, se puede producir un desbordamiento de búfer basado en pila al modificar un archivo en el disco que se lee cuando se inicia la JVM.

09 May 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-09 21:15

Updated : 2025-07-31 16:12

NVD link : CVE-2025-4447

Mitre link : CVE-2025-4447

CVE.ORG link : CVE-2025-4447

JSON object : View

Products Affected

eclipse

openj9

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-4447", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "emo@eclipse.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-09T21:15:51.410", "references": [{"url": "https://github.com/eclipse-openj9/openj9/pull/21762", "tags": ["Issue Tracking"], "source": "emo@eclipse.org"}, {"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts."}, {"lang": "es", "value": "En versiones de Eclipse OpenJ9 hasta la 0.51, cuando se utiliza con OpenJDK versi\u00f3n 8, se puede producir un desbordamiento de b\u00fafer basado en pila al modificar un archivo en el disco que se lee cuando se inicia la JVM."}], "lastModified": "2025-07-31T16:12:32.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4F97445-62DE-4295-B963-E34C0FF5DF01", "versionEndIncluding": "0.51.0", "versionStartIncluding": "0.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}