Vulnerability in XML Database Component of Oracle Database Server
CVE-2025-30694
Summary
A vulnerability exists in the XML Database component of Oracle Database Server, affecting versions 19.3-19.26, 21.3-21.17, and 23.4-23.7. It can be exploited by a low-privileged attacker who holds User Account privileges and has network access via HTTP. Exploitation requires interaction from a person other than the attacker, which complicates the attack. Although the flaw resides in the XML Database, its impact can extend to other associated products. Successful exploitation could enable unauthorized updates, insertions, and deletions of, and unauthorized read access to, specific accessible data within the XML Database. Vigilance and prompt remediation are crucial to mitigation efforts.
Affected Version(s)
Oracle Database Server 19.3 through 19.26
Oracle Database Server 21.3 through 21.17
Oracle Database Server 23.4 through 23.7