ISN 2025-35: JRE Vulnerabilities

First published 21 August 2025

CVSS:3.1: 8.1 (High)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple security vulnerabilities have been found in Azul Zulu, a JRE distribution used in IGEL OS. This affects the following product versions:

• IGEL OS 12

• IGEL OS 11

Details

Three findings rated high affect installations that run Java Web Start applications or sandboxed Java applets and that rely on the Java sandbox for security. These difficult-to-exploit vulnerabilities allow an unauthenticated attacker with network access to compromise the Java VM (CVE-2025-30749, CVE-2025-50106, CVE-2025-50059).

Apart from this, the packaged Libxslt suffers from a use-after-free vulnerability (CVE-2025-24855, high). This may lead to a crash or execution of arbitrary code.

Update Instructions

• OS 12: Update to the Java Runtime Environment OS 12 app in version 17.0.16 or newer.

• OS 11: Update to IGEL OS version 11.11.100 when available.

References

• CVE-2025-30749 https://www.cve.org/CVERecord?id=CVE-2025-30749

• CVE-2025-50059: https://www.cve.org/CVERecord?id=CVE-2025-50059

• CVE-2025-50106: https://www.cve.org/CVERecord?id=CVE-2025-50106

• CVE-2025-24855 https://www.cve.org/CVERecord?id=CVE-2025-24855