Impact of Java vulnerabilities CVE-2025-30698 and CVE-2025-21587 in MnR 7.x

MnR/Watch4net - 7.x

Vulnerabilities CVE-2025-30698 and CVE-2025-21587 are recently found in java version 1.8_441 which is used in MnR 7.8.0.1, these CVEs would be addressed in future MnR release. Tentatively planned for CY Q3.

CVE-2025-30698:

This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

CVE-2025-21587:

This is a difficult-to-exploit vulnerability in Oracle Java SE. This vulnerability can be exploited through APIs, particularly in environments where untrusted code is executed, such as sandboxed Java Web Start applications or applets and if someone has unauthenticated network access that implies MnR is not affected by these vulnerabilities.

As both the CVEs are not impacting MnR but if user wishes to upgrade vulnerable JAVA, wait for future MnR release planned tentatively for CY Q3.

NOTE: To install/update 7.8.0.1, MnR should be running 7.8 since it is patch on MnR 7.8. Direct update to 7.8.0.1 from any other lower MnR version is not recommended. 

Following vulnerabilities are already addressed in MnR 7.8.0.1 since this release uses Java 1.8_421:

CVE-2025-21502
CVE-2024-21235
CVE-2024-21210
CVE-2024-21217
CVE-2024-21208