Vulnerability in Oracle Financial Services Revenue Management and Billing Chatbot
CVE-2025-21573

6 MEDIUM

Key Information:

Vendor: Oracle

CVE Published: 15 April 2025

What is CVE-2025-21573?

A vulnerability exists in the Chatbot component of the Oracle Financial Services Revenue Management and Billing product. It allows a high-privileged attacker with network access via HTTP to exploit critical functionality with minimal complexity. Successful exploitation requires interaction from a user. Once the vulnerability is exploited, the attacker can create, delete, or modify accessible data, gain unauthorized access to sensitive information, or potentially cause a partial denial of service to the application. This could significantly affect the confidentiality, integrity, and availability of data within Oracle Financial Services Revenue Management and Billing. The supported affected versions are 5.1.0.0.0, 6.1.0.0.0, and 7.0.0.0.0.

Affected Version(s)

Oracle Financial Services Revenue Management and Billing 5.1.0.0.0

Oracle Financial Services Revenue Management and Billing 6.1.0.0.0

Oracle Financial Services Revenue Management and Billing 7.0.0.0.0

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
