This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Imzi
Explorer
Tuesday
Jump to solution

CVE-2025-53057 Exploit in Check Point

Our client’s Vulnerability Assessment (VA) team has reported a finding related to CVE-2025-53057 on the Check Point Management Server.

The CVE is described as:

CVE-2025-53057 – IBM Java multiple vulnerabilities

Affects IBM Java 7.1 < 7.1.5.28 and IBM Java 8.0 < 8.0.8.55

 

Our Management Server is running Check Point version R81.20 Take 105.

After reviewing Check Point documentation and available advisories, we were unable to find any reference or mitigation guidance confirming whether this CVE is applicable or exploitable on Check Point devices.

We would like confirmation on the following:

  • Whether CVE-2025-53057 is applicable or exploitable on Check Point R81.20 Management Servers

  • Whether Check Point uses the affected IBM Java versions in this release

  • If applicable, whether any hotfix, Jumbo, or mitigation is required

Please clarify whether this CVE is not applicable (false positive) for Check Point devices or if any action is required from our side.

 

0 Kudos
1 Solution

Accepted Solutions
Alex_Mitsevich
Employee
Employee
Wednesday
Jump to solution

Hello Imzi,

Though Check Point Management server uses the vulnerable version and in some cases it is reachable over the network, all the requests are strictly authenticated, authorized, and validated. Therefore, there's no real risk for exploitation.
Anyway, we work to update to the fixed Java version in one of the coming Jumbo versions.
In addition, customers may request for a private fix based on the version they run. 

View solution in original post

0 Kudos
3 Replies
Lesley
MVP Gold
MVP Gold
Wednesday
Jump to solution

You can run command below to see what version is running on the relevant system. For official statement you need to open TAC because there is no info regarding this CVE in the SK's or advisories https://support.checkpoint.com/security-advisories

gateways do not really use JAVA. But some LOM cards use them. Here an old SK with some products that used it back then: https://support.checkpoint.com/results/sk/sk147153

java -version

 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Martijn
Advisor
Advisor
Wednesday
Jump to solution

Hi,

Do you have a link to this CVE. All I can find is a article about Oracle Java.

I have asked AI Copilot the following question: "Is Check Point R81.20 Take 105 vulnerable for CVE-2025-53057?" and got this answer:

CVE-2025-53057 and Check Point R81.20 Take 105

After searching the latest Check Point advisories and vulnerability documentation, there is no evidence or official statement indicating that Check Point R81.20 Take 105 is vulnerable to CVE-2025-53057.

Key Points

  • There are no published Check Point advisories or security bulletins referencing CVE-2025-53057.
  • Check Point R81.20 (including Take 105) is not listed as vulnerable to this CVE in any official documentation.
  • Check Point regularly updates its security advisories. If a product is found vulnerable, it will be published promptly.

Maybe this helps.

Martijn




0 Kudos
Alex_Mitsevich
Employee
Employee
Wednesday
Jump to solution

Hello Imzi,

Though Check Point Management server uses the vulnerable version and in some cases it is reachable over the network, all the requests are strictly authenticated, authorized, and validated. Therefore, there's no real risk for exploitation.
Anyway, we work to update to the fixed Java version in one of the coming Jumbo versions.
In addition, customers may request for a private fix based on the version they run. 
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events