adoptium-jdk

Last changed 2 days ago

Adoptium JDK Image Security Advisories

Stay informed about known vulnerabilities, CVE updates, and security-related changes associated with the adoptium-jdk image. This page lists all advisories that have been issued for this image, including severity levels, descriptions, and resolution status.


Latest Advisories

CVE-2025-12003
Severity: High
Published: April 4, 2025
A vulnerability in the JDK runtime allows remote attackers to exploit heap memory using crafted serialized input. This affects versions prior to 17.0.10-r2.
Fixed in: 17.0.10-r2 and above


CVE-2024-42311
Severity: Medium
Published: March 20, 2025
This issue impacts the XML parser library bundled with older builds. It can lead to Denial of Service via XML entity expansion.
Fixed in: 11.0.22-r1


CVE-2024-99012
Severity: Low
Published: February 12, 2025
Incorrect file permission defaults were detected in /opt/jdk/lib/. This advisory tracks the resolution and patch propagation.
Fixed in: All current versions


Notes

  • All images are rebuilt automatically when a patch is available upstream.

  • We follow a zero-day disclosure model and prioritize critical patches.

  • Subscribe to Chainguard’s RSS Feed or GitHub Security Alerts for real-time updates.

CVE-ID | Severity | Reported On | Fixed | Fixed In
Name | Crit | 10.20.01 | deb | binary
Name | Crit | 10.20.25 | deb | deb
Name | Medium | 10.20.25 | deb | deb
Name | High | 10.20.30 | deb | deb
Name | Good | 10.20.26 | deb | deb