Dark C0d3rs

Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-10-17
Full Version: HackerOne Disclosed Reports - 2025-10-17
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

hashXploiter

10-18-2025, 12:30 PM
Logo
Medium
resolved

Blu-ray Disc Java Sandbox Escape via two vulnerabilities


Bug reported by Andy Nguyen was disclosed at October 18, 2025, 12:35 am   |   Execution with Unnecessary Privileges

Two vulnerabilities in Blu-ray Disc Java (bd-j) related to the Inter-Xlet Communication (Ixc) implementation were discovered. The first vulnerability allowed invoking methods in privileged context by registering a remote object that implements an interface extending java.rmi.Remote. The second vulnerability enabled privileged method invocation by setting a custom method in the stub class generated for remote object registration. Together, these vulnerabilities could be exploited to disable the Java sandbox.


Dark C0d3rs > Exploit Log > Research Papers/Vulnerability reports > HackerOne Disclosed Reports - 2025-10-17