XXXXXX
Common Vulnerabilities and Exposures Fixes for January 2026
Table of Contents
The following Azul Platform Prime releases contain the January 2026 CPU release of OpenJDK:
| CPU | PSU |
|---|---|
25.08.300.0 |
- |
25.02.700.0 |
- |
The following table lists the latest CVE fixes added in the Azul Platform Prime CPU release. The CVE IDs in the table apply to JDK 8, JDK 11, JDK 17, and 21 unless noted otherwise.
October 2025 CVE Fix
CVSS VERSION 3.1 RISK
| CVE # | Component | Protocol | Remote Exploit w/o Auth. | Base Score | Attack Vector | Attack Complex | Privileges Req’d | User Interact | Scope | Confiden-tiality | Integrity | Availability | Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
NA |
NA |
NA |
0.0 |
NA |
NA |
None |
None |
Unchanged |
High |
None |
None |
21, 17, 11, 8 |
NA |
Notes:
| ID | Notes |
|---|---|
1 |
NA |
2 |
NA |
Base and Impact Metric:
| Metrics | Values |
|---|---|
Attack Vector |
Network (N), Adjacent (A), Local (L), and Physical (P) |
Attack Complexity |
Low (L) and High (H) |
Privileges Required |
None (N), Low (L), and High (H) |
User Interaction |
None (N) and Required (R) |
Scope |
Unchanged (U) and Changed (C) |
Confidentiality Impact |
High (H), Low (L), and None (N) |
Integrity Impact |
High (H), Low (L), and None (N) |
Availability Impact |
High (H), Low (L), and None (N) |
In-Depth Non-CVE Security Fixes
The following table lists the in-depth non-CVE security fixes implemented specifically for Azul Platform Prime.
October 2025 Non-CVE Security Fix
| OpenJDK Patch ID | Azul Prime Version | Synopsis | CPU/PSUCPU fixes are included in both CPU and PSU bundles. PSU fixes are included in the PSU bundles only. |
|---|---|---|---|
8,11,17,21 |
CPU,PSU |