Vulnerability in Oracle Agile PLM Framework by Oracle affecting Integration Services
CVE-2025-21556

9.9 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 21 January 2025

Badges

👾 Exploit Exists, 📰 News Worthy

Summary

A vulnerability exists in Oracle's Agile PLM Framework, version 9.3.6, specifically within Agile Integration Services. The flaw allows a low-privileged attacker with network access via HTTP to potentially compromise the system. Although the vulnerability is in the Agile PLM Framework, exploitation could also affect related products, which broadens its impact. Successful exploitation can lead to complete takeover of the Agile PLM Framework, undermining confidentiality, integrity, and availability.

Affected Version(s)

Oracle Agile PLM Framework 9.3.6

News Articles

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Apply Oracle's January 2025 Patch fixing 318 vulnerabilities, including CVE-2025-21556 (CVSS 9.9), to prevent risks.

References

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
