Bug 2403082 (CVE-2025-53057) - CVE-2025-53057 openjdk: Enhance certificate handling (Oracle CPU 2025-10)
Summary: CVE-2025-53057 openjdk: Enhance certificate handling (Oracle CPU 2025-10)
Keywords:
Status: NEW
Alias: CVE-2025-53057
Deadline: 2025-10-21
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-10-10 13:13 UTC by OSIDB Bzimport
Modified: 2026-01-15 08:13 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2025:22672 | 0 | None | None | None | 2025-12-03 20:46:37 UTC

Description OSIDB Bzimport 2025-10-10 13:13:31 UTC
Java APIs in certain cases may return Distinguished Name strings that
are incorrect representations of the encoded form of BMPString,
PrintableString, and IA5String.

Comment 4 errata-xmlrpc 2025-12-03 20:46:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support
  Red Hat Enterprise Linux 10

Via RHSA-2025:22672 https://access.redhat.com/errata/RHSA-2025:22672

Comment 6 Orville Briggs 2026-01-15 08:13:01 UTC
Some Java APIs (for example X500Principal.getName()) may return Distinguished Name strings that do not correctly represent the original ASN.1 encoding when DN attributes are encoded as BMPString, PrintableString, or IA5String. In such cases, Java normalizes the values to UTF-8, which can cause the returned DN string to differ from the actual encoded form in the certificate. https://geometrydash-lite.co
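
Added example, not part of the bug report and not OpenJDK or Red Hat code: a small DER walker that reports the ASN.1 string type actually encoded for each DN attribute, so a certificate name can be checked and compared by its encoded form rather than by a rendered DN string. The helper names and the sample DNs are constructed for illustration; only CN (OID 2.5.4.3) is used.

```python
# Report the encoded string type of every attribute in a DER-encoded X.501 Name.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString",
               0x16: "IA5String", 0x1E: "BMPString"}
PRINTABLE = set(b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                b"0123456789 '()+,-./:=?")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # iterate the elements inside a SEQUENCE/SET
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def conforms(type_name, raw):
    """Do the content bytes stay inside what the declared string type allows?"""
    if type_name == "PrintableString":
        return all(b in PRINTABLE for b in raw)
    if type_name == "IA5String":
        return all(b < 0x80 for b in raw)
    if type_name == "BMPString":
        return len(raw) % 2 == 0           # two bytes per character, big endian
    return True

def dn_string_types(name_der):
    """List (oid_hex, string_type, raw_value, conforms) for each DN attribute."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    out = []
    for _, rdn in children(rdns):          # each RDN is a SET
        for _, atv in children(rdn):       # AttributeTypeAndValue SEQUENCE
            (_, oid), (vtag, raw) = list(children(atv))[:2]
            tname = STRING_TAGS.get(vtag, "tag 0x%02X" % vtag)
            out.append((oid.hex(), tname, raw, conforms(tname, raw)))
    return out

# Constructed sample DNs (short-form DER lengths only): CN=example in two encodings,
# plus a PrintableString whose bytes fall outside the PrintableString character set.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
def name(tag, raw):
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(tag, raw))))
PRINTABLE_DN, BMP_DN, BAD_DN = name(0x13, b"example"), name(0x1E, "example".encode("utf-16-be")), name(0x13, b"ex_ample")
```

PRINTABLE_DN and BMP_DN carry the same text but are different byte strings, which is why inventory, pinning or audit logic that needs the exact certificate name should keep the encoded bytes alongside any displayed DN.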

