Vulnerability in Oracle BI Publisher by Oracle
CVE-2025-30723

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Bi Publisher
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability exists in Oracle BI Publisher within the Oracle Analytics framework, specifically affecting versions 7.6.0.0.0 and 12.2.1.4.0. This weakness allows a low-privileged attacker with network access via HTTP to exploit the system. Successful attacks can compromise the integrity of accessible data by enabling unauthorized updates, inserts, or deletions. Furthermore, it may allow attackers to initiate a partial denial of service, potentially disrupting the availability of the service. Users of impacted versions are advised to implement appropriate security measures promptly.

Affected Version(s)

Oracle BI Publisher 7.6.0.0.0

Oracle BI Publisher 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025