Remote Code Execution in Oracle iSupplier Portal of Oracle E-Business Suite
CVE-2025-30692

6.5MEDIUM

Key Information:

Vendor

Oracle
Status
Oracle Isupplier Portal
Vendor
CVE Published:
15 April 2025

What is CVE-2025-30692?

The vulnerability in Oracle iSupplier Portal allows an attacker with low-level privileges and network access via HTTP to exploit the portal. Successful exploitation can lead to unauthorized access to sensitive data or even full access to all data accessible through the iSupplier Portal. Vulnerable versions range from 12.2.7 to 12.2.14. Organizations utilizing this product should evaluate their security posture and apply necessary patches.

Affected Version(s)

Oracle iSupplier Portal 12.2.7 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-30692 : Remote Code Execution in Oracle iSupplier Portal of Oracle E-Business Suite