Unauthenticated Network Access Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2025-21527

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-21527?

A vulnerability exists in JD Edwards EnterpriseOne Tools from Oracle, specifically in the Design Tools SEC component, which affects versions prior to 9.2.9.0. This flaw allows an unauthenticated attacker with network access via HTTP to compromise the system. While the attack requires human interaction, successful exploitation can lead to unauthorized modifications, including insertions and deletions of data, and unauthorized reading of some accessible data. The impact of this vulnerability is significant, potentially affecting additional products associated with JD Edwards EnterpriseOne Tools.

Affected Version(s)

JD Edwards EnterpriseOne Tools * < 9.2.9.0

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024