Unauthenticated Access Vulnerability in Oracle E-Business Suite CRM User Management Framework
CVE-2025-30716

7.5 HIGH

Key Information:

Vendor: Oracle
CVE Published: 15 April 2025

Summary

A vulnerability in the CRM User Management Framework of Oracle E-Business Suite can be exploited by an unauthenticated attacker with network access via HTTP. Successful exploitation can give the attacker unauthorized access to sensitive information, potentially compromising the integrity and confidentiality of all data accessible to the system. Affected users should consider applying available patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

Oracle Common Applications 12.2.3 <= 12.2.14

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
