+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-10-17 (/Thread-HackerOne-Disclosed-Reports-2025-10-17)
HackerOne disclosed reports - 2025-10-17 - hashXploiter - 10-18-2025
Medium
resolved
resolved
Blu-ray Disc Java Sandbox Escape via two vulnerabilities
Bug reported by Andy Nguyen was disclosed at October 18, 2025, 12:35 am | Execution with Unnecessary Privileges
Two vulnerabilities in Blu-ray Disc Java (bd-j) related to the Inter-Xlet Communication (Ixc) implementation were discovered. The first vulnerability allowed invoking methods in privileged context by registering a remote object that implements an interface extending java.rmi.Remote. The second vulnerability enabled privileged method invocation by setting a custom method in the stub class generated for remote object registration. Together, these vulnerabilities could be exploited to disable the Java sandbox.