Vulnerability found in OpenJDK - CVE-2025-21587 CVE-2025-30691 CVE-2025-30698

Article ID: 401596


Products

CA Configuration Automation

Issue/Introduction

A vulnerability scan detects the following vulnerabilities in the OpenJDK embedded in the CCA Agent on Linux:

CVE-2025-21587
CVE-2025-30691
CVE-2025-30698

The installed OpenJDK version is 1.8.0_212.

Environment

Configuration Automation Agent on Linux (version 12.9.0.123 or lower)

Resolution

We recommend replacing the current Java Runtime Environment (JRE) with the latest version, 1.8.0_452. Download the latest AdoptOpenJDK release and use it to replace the existing JRE in the Agent.

Example:

For an installed Agent, the solution is to upgrade the JRE using the latest AdoptOpenJDK build, OpenJDK8U-jre_x64_<OS>_hotspot_8u452b09 (AdoptOpenJDK Latest Release).


Here is an example on a Linux Agent with the downloaded file OpenJDK8U-jre_x64_linux_hotspot_8u452b09.tar.gz:

  1. Uncompress the file OpenJDK8U-jre_x64_linux_hotspot_8u452b09.tar.gz in /tmp.
    The directory /tmp/jdk8u452-b09-jre is created.

  2. Stop the CCA Agent.

  3. In the CCA Agent directory, rename the jre directory to jre_1.8.0_212.
    Copy the directory /tmp/jdk8u452-b09-jre into the CCA Agent directory and rename it to jre.

  4. The OpenJDK version is now 1.8.0_452.
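
Steps 3 and 4 as a POSIX shell function that checks the unpacked JRE's version before touching the Agent and rolls back if the copy or the final check fails. This is an added example, not part of the original article; the Agent install directory passed as the first argument is an assumption (the article does not give it), and the Agent must already be stopped as in step 2.

```shell
#!/bin/sh
# Added example: JRE swap from steps 3-4 with verification and rollback.
# Assumption: the CCA Agent is already stopped (step 2) before this runs.

# Print the version string reported by the JRE rooted at $1 (empty on failure).
jre_version() {
    "$1/bin/java" -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# swap_jre AGENT_DIR NEW_JRE_DIR EXPECTED_VERSION
swap_jre() {
    agent_dir=$1 new_jre=$2 expected=$3

    # Refuse to touch the Agent unless the unpacked JRE is the expected build.
    found=$(jre_version "$new_jre")
    if [ "$found" != "$expected" ]; then
        echo "new JRE reports '$found', expected '$expected'" >&2
        return 1
    fi

    # Step 3: keep the old runtime beside the new one, named after its version.
    old=$(jre_version "$agent_dir/jre")
    backup="$agent_dir/jre_${old:-previous}"
    if [ -e "$backup" ]; then
        echo "backup $backup already exists" >&2
        return 1
    fi
    mv "$agent_dir/jre" "$backup" || return 1

    # Copy preserving modes so bin/java stays executable.
    if ! cp -Rp "$new_jre" "$agent_dir/jre"; then
        rm -rf "$agent_dir/jre"; mv "$backup" "$agent_dir/jre"   # roll back
        return 1
    fi

    # Step 4: confirm the Agent's jre directory now runs the expected version.
    if [ "$(jre_version "$agent_dir/jre")" != "$expected" ]; then
        rm -rf "$agent_dir/jre"; mv "$backup" "$agent_dir/jre"   # roll back
        return 1
    fi
    echo "jre upgraded $old -> $expected, old runtime kept in $backup"
}

# Run only when called with the three arguments, e.g.
#   sh swap_jre.sh <agent-dir> /tmp/jdk8u452-b09-jre 1.8.0_452
if [ "$#" -eq 3 ]; then swap_jre "$@"; fi
```

Keeping the old runtime as jre_1.8.0_212 leaves the vulnerable JRE on disk, so a file-based scanner may still report it until that directory is removed.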

Additional Information

The Java version will be upgraded as part of a future release.