The JDK includes several cryptographic service providers, such as Sun, SunRsaSign, and SunJCE, which provide concrete implementations of cryptographic algorithms as defined by the JCA framework. These providers allow Java applications to access security algorithm implementations either by specifying a particular provider, or by letting the framework automatically locate the requested algorithm by searching through the registered providers in their specified preference order.
Two of the vulnerabilities have been assigned a 'moderate severity' rating. One of them is CVE-2025-9231, which may allow an attacker to recover the private key. OpenSSL is used by many applications, websites and services for securing communications and an attacker who can obtain a private key may be able to decrypt encrypted traffic or conduct a man-in-the-middle (MitM) attack.
