- Vulnerability/
- USN-7254-1
USN-7254-1: OpenJDK 21 vulnerability
First published: Wed Feb 05 2025(Updated: )
It was discovered that the Hotspot component of OpenJDK 21 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/openjdk-21-jdk | <21.0.6+7-1~24.10.1 | 21.0.6+7-1~24.10.1 |
| Xfce Application Finder | =24.10 | |
| All of | ||
| ubuntu/openjdk-21-jdk-headless | <21.0.6+7-1~24.10.1 | 21.0.6+7-1~24.10.1 |
| Xfce Application Finder | =24.10 | |
| All of | ||
| ubuntu/openjdk-21-jre | <21.0.6+7-1~24.10.1 | 21.0.6+7-1~24.10.1 |
| Xfce Application Finder | =24.10 | |
| All of | ||
| ubuntu/openjdk-21-jre-headless | <21.0.6+7-1~24.10.1 | 21.0.6+7-1~24.10.1 |
| Xfce Application Finder | =24.10 | |
| All of | ||
| ubuntu/openjdk-21-jre-zero | <21.0.6+7-1~24.10.1 | 21.0.6+7-1~24.10.1 |
| Xfce Application Finder | =24.10 | |
| All of | ||
| ubuntu/openjdk-21-jdk | <21.0.6+7-1~24.04.1 | 21.0.6+7-1~24.04.1 |
| Xfce Application Finder | =24.04 | |
| All of | ||
| ubuntu/openjdk-21-jdk-headless | <21.0.6+7-1~24.04.1 | 21.0.6+7-1~24.04.1 |
| Xfce Application Finder | =24.04 | |
| All of | ||
| ubuntu/openjdk-21-jre | <21.0.6+7-1~24.04.1 | 21.0.6+7-1~24.04.1 |
| Xfce Application Finder | =24.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-headless | <21.0.6+7-1~24.04.1 | 21.0.6+7-1~24.04.1 |
| Xfce Application Finder | =24.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-zero | <21.0.6+7-1~24.04.1 | 21.0.6+7-1~24.04.1 |
| Xfce Application Finder | =24.04 | |
| All of | ||
| ubuntu/openjdk-21-jdk | <21.0.6+7-1~22.04.1 | 21.0.6+7-1~22.04.1 |
| Xfce Application Finder | =22.04 | |
| All of | ||
| ubuntu/openjdk-21-jdk-headless | <21.0.6+7-1~22.04.1 | 21.0.6+7-1~22.04.1 |
| Xfce Application Finder | =22.04 | |
| All of | ||
| ubuntu/openjdk-21-jre | <21.0.6+7-1~22.04.1 | 21.0.6+7-1~22.04.1 |
| Xfce Application Finder | =22.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-headless | <21.0.6+7-1~22.04.1 | 21.0.6+7-1~22.04.1 |
| Xfce Application Finder | =22.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-zero | <21.0.6+7-1~22.04.1 | 21.0.6+7-1~22.04.1 |
| Xfce Application Finder | =22.04 | |
| All of | ||
| ubuntu/openjdk-21-jdk | <21.0.6+7-1~20.04.1 | 21.0.6+7-1~20.04.1 |
| Xfce Application Finder | =20.04 | |
| All of | ||
| ubuntu/openjdk-21-jdk-headless | <21.0.6+7-1~20.04.1 | 21.0.6+7-1~20.04.1 |
| Xfce Application Finder | =20.04 | |
| All of | ||
| ubuntu/openjdk-21-jre | <21.0.6+7-1~20.04.1 | 21.0.6+7-1~20.04.1 |
| Xfce Application Finder | =20.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-headless | <21.0.6+7-1~20.04.1 | 21.0.6+7-1~20.04.1 |
| Xfce Application Finder | =20.04 | |
| All of | ||
| ubuntu/openjdk-21-jre-zero | <21.0.6+7-1~20.04.1 | 21.0.6+7-1~20.04.1 |
| Xfce Application Finder | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2025-21502
- https://ubuntu.com/security/notices/USN-7252-1
- https://ubuntu.com/security/notices/USN-7253-1
- https://ubuntu.com/security/notices/USN-7255-1
- https://ubuntu.com/security/notices/USN-7338-1
- https://ubuntu.com/security/notices/USN-7339-1
- https://launchpad.net/ubuntu/+source/openjdk-21/21.0.6+7-1~24.10.1
- https://launchpad.net/ubuntu/+source/openjdk-21/21.0.6+7-1~24.04.1
- https://launchpad.net/ubuntu/+source/openjdk-21/21.0.6+7-1~22.04.1
- https://launchpad.net/ubuntu/+source/openjdk-21/21.0.6+7-1~20.04.1
- https://ubuntu.com/security/notices/USN-7254-1 (Advisory)
Frequently Asked Questions
What is the severity of USN-7254-1?
USN-7254-1 has a critical severity rating due to the risk of unauthorized access to sensitive information.
How do I fix USN-7254-1?
To fix USN-7254-1, update your OpenJDK packages to version 21.0.6+7-1~24.10.1 or later.
What versions of OpenJDK are affected by USN-7254-1?
USN-7254-1 affects various versions of OpenJDK 21 included in Ubuntu 20.04, 22.04, and 24.04.
Who is at risk from the vulnerability identified in USN-7254-1?
Unauthenticated attackers can exploit the vulnerability in USN-7254-1 to gain unauthorized access to resources.
Is it safe to use OpenJDK versions prior to the fix for USN-7254-1?
Using OpenJDK versions prior to the fix for USN-7254-1 poses a security risk and is not recommended.
- agent/title
- agent/last-modified-date
- agent/source
- agent/description
- agent/references
- agent/first-publish-date
- agent/type
- agent/event
- agent/softwarecombine
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.10
- version/ubuntu/24.04
- version/ubuntu/22.04
- version/ubuntu/20.04