Oracle E-Business Suite Orders Component Vulnerability in Oracle Configurator
CVE-2025-30720

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Configurator
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability in the Oracle Configurator component of the Oracle E-Business Suite allows unauthenticated network access, enabling potential attackers to compromise data. While the vulnerability itself lies within Oracle Configurator, successful exploitation can have broader implications, affecting other products. Attackers may gain unauthorized access for update, insertion, or deletion operations of data within the application's scope, as well as the ability to read certain data. The nature of this vulnerability necessitates human interaction from an individual other than the attacker, making it a targeted concern for organizations using the affected versions.

Affected Version(s)

Oracle Configurator 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025