Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2025-21498

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Http Server
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-21498?

An improper access control vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This flaw may be exploited by an unauthenticated attacker with network access via HTTP, potentially allowing unauthorized read access to sensitive data. Affected versions include Oracle Fusion Middleware 12.2.1.4.0, which is susceptible to compromise, highlighting the importance of applying available security updates.

Affected Version(s)

Oracle HTTP Server 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024