Vulnerability in Oracle Applications Framework of Oracle E-Business Suite
CVE-2025-30711

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Applications Framework
Vendor: CVE Published:; 15 April 2025

Summary

The vulnerability affects the Oracle Applications Framework component within the Oracle E-Business Suite, specifically during the file upload process. An attacker with low privileges can exploit this vulnerability remotely over HTTP, requiring user interaction from someone other than the attacker. This exploit can lead to unauthorized modifications, such as updates, inserts, or deletions of data within Oracle Applications Framework. Furthermore, there’s potential for unauthorized reading of some accessible data, significantly impacting other interconnected products.

Affected Version(s)

Oracle Applications Framework 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025