Vulnerability in Oracle E-Business Suite's Customer Care Component
CVE-2025-21516

8.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Customer Care
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in the Oracle Customer Care component of the Oracle E-Business Suite, affecting versions 12.2.5 through 12.2.13. This security flaw can be exploited by low-privileged attackers with network access, allowing them to perform unauthorized actions such as creating, deleting, or modifying critical data. By exploiting this vulnerability, attackers can gain complete access to all data within Oracle Customer Care, potentially leading to significant data compromise.

Affected Version(s)

Oracle Customer Care 12.2.5 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024