Vulnerability in the Pluggable Authentication Module of Oracle Solaris by Oracle
CVE-2025-30700

3.5LOW

Key Information:

Vendor: Oracle
Status: Oracle Solaris
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability exists in the Pluggable Authentication Module of Oracle Solaris that could allow a low privileged attacker to compromise the system with network access via HTTP. Exploitation of this flaw requires human interaction from an individual other than the attacker, leading to unauthorized read access to sensitive data on Oracle Solaris platforms. Organizations using the affected version are advised to implement security measures to mitigate potential risks.

Affected Version(s)

Oracle Solaris 11

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025