The most up-to-date version of Java (7 Update 25) is vulnerable to an exploit reported to Oracle on 2013Jul18 by Adam Gowdiak of Security Explorations.
This is just the latest version-specific vulnerability in a long series of related vulnerabilities that are all based on a fundamental weakness of Java that has existed for over ten years and has yet to be properly addressed.
Oracle has assured Mr. Gowdiak that this vulnerability will be eliminated in Java 7 Update 40, to be released in September 2013. The good news is that no active exploits for this vulnerability have yet been discovered.
As always, we recommend that you use Java with caution. Disabling Java in your web browser can decrease your exposure to Java-based attacks.
Update 2013Sep11: Java 7 Update 40 was released yesterday, but it does not appear to include any specific fixes for this or any other security vulnerability. Some security-related changes were made in 7u40, and those changes may mitigate the vulnerability reported by Mr. Gowdiak. We will await an update from Mr. Gowdiak for confirmation either way.
Update 2013Oct16: Mr. Gowdiak has confirmed that this issue was resolved in Java 7 Update 40.