Unauthenticated Access Vulnerability in Oracle Configurator of Oracle E-Business Suite
CVE-2025-30728

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Configurator
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability has been identified in the Oracle Configurator component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.14. This flaw allows an unauthenticated attacker with network access via HTTP to exploit the system, potentially gaining unauthorized access to sensitive data. Successful exploitation can lead to widespread data exposure, impacting the confidentiality of all data accessible through Oracle Configurator. Organizations using affected versions should apply the recommended security updates to mitigate the risk of unauthorized access.

Affected Version(s)

Oracle Configurator 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025