Security Vulnerability in Oracle Database Server's RAS Security Component
CVE-2025-30701

7.3HIGH

Key Information:

Vendor: Oracle
Status: Oracle Database Server
Vendor: CVE Published:; 15 April 2025

Summary

A security vulnerability exists in the RAS Security component of Oracle Database Server that can be exploited by low-privileged attackers with User Account access and network connectivity. Exploiting this vulnerability enables unauthorized creation, deletion, or alteration of critical data. Notably, such exploitation necessitates human interaction from a third party without requiring direct action from the attacker. This poses a risk of significant data compromise, potentially allowing access to vital information protected by RAS Security.

Affected Version(s)

Oracle Database Server 19.3 <= 19.26

Oracle Database Server 21.3 <= 21.17

Oracle Database Server 23.4 <= 23.7

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025