We have released Liberica JDK builds 8u472, 11.0.29, 17.0.17, 21.0.9, and 25.0.1 with patches for four critical vulnerabilities found in OpenJFX. The severity of these CVEs is high or medium, so we recommend updating the JDK as soon as possible if you use OpenJFX in your projects.
Below you will find more detailed information about the vulnerabilities.
Another important fix resolves the issue of the absent classes*.jsa archive on Linux AArch64 when using CDS.
List of security issues fixed
| CVE ID | CVSS score | Component | Module | Attack vector (network/local) | Complexity (low/high) | Privileges (none/low) | User interaction (none/required) | Scope (changed/unchanged) | Confidentiality (low/none/high) | Integrity (low/none/high) | Availability (low/none/high) |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2025-7424 | 7.8 | javafx | libxslt | local | high | none | none | changed | none | high | high |
| CVE-2025-7425 | 7.8 | javafx | libxslt | local | high | none | none | changed | none | high | high |
| CVE-2025-6021 | 7.5 | javafx | libxml2 | network | low | none | none | unchanged | none | none | high |
| CVE-2025-10911 | 5.5 | javafx | libxslt | local | low | none | required | unchanged | none | none | high |
Summary of fixes in Liberica JDK
CVEs fixed in Liberica per version:
| CVE ID | 8 | 11 | 17 | 21 | 25 |
|---|---|---|---|---|---|
| CVE-2025-7424 | ✓ | ✓ | ✓ | ✓ | ✓ |
| CVE-2025-7425 | ✓ | ✓ | ✓ | ✓ | ✓ |
| CVE-2025-6021 | ✓ | ✓ | ✓ | ✓ | ✓ |
| CVE-2025-10911 | ✓ | ✓ | ✓ | ✓ | ✓ |
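To check a fleet against the patched builds listed above, the following added example (not BellSoft code) classifies a runtime from its `java -version` output or the `JAVA_VERSION` line of its `release` file. The function names and the sample inputs are assumptions made for illustration; the version baselines are the ones named in this announcement.

```python
import re

# Patched Liberica JDK builds named in the announcement, keyed by feature release.
PATCHED = {8: (8, 0, 472), 11: (11, 0, 29), 17: (17, 0, 17),
           21: (21, 0, 9), 25: (25, 0, 1)}

def parse_java_version(text):
    """Return (feature, interim, update) from `java -version` output or from
    the contents of a JDK `release` file (JAVA_VERSION="..." line)."""
    quoted = re.search(r'(?:version |JAVA_VERSION=)"([^"]+)"', text)
    if not quoted:
        raise ValueError("no version string found")
    version = quoted.group(1)
    # Legacy scheme used by JDK 8: 1.8.0_472 (update number after the underscore).
    legacy = re.match(r"1\.(\d+)\.(\d+)(?:_(\d+))?", version)
    if legacy:
        feature, interim, update = legacy.groups()
        return int(feature), int(interim), int(update or 0)
    # Modern scheme (JDK 9+): 25, 21.0.9, 17.0.17.1; missing parts count as 0.
    modern = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not modern:
        raise ValueError(f"unrecognised version string: {version}")
    return tuple(int(part or 0) for part in modern.groups())

def patch_status(text):
    """Classify a runtime as 'patched', 'outdated' or 'not-listed'."""
    version = parse_java_version(text)
    baseline = PATCHED.get(version[0])
    if baseline is None:
        return "not-listed"  # feature release not covered by this announcement
    return "patched" if version >= baseline else "outdated"

# Constructed sample inputs (not captured from real systems).
SAMPLES = [
    'openjdk version "1.8.0_462"',
    'openjdk version "17.0.17"',
    'IMPLEMENTOR="BellSoft"\nJAVA_VERSION="21.0.8"\n',
    'openjdk version "25"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_java_version(sample), patch_status(sample))
```

The version number alone does not show whether a runtime bundles OpenJFX, so treat "outdated" as a prompt to check whether the affected application uses it.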





