Unauthenticated Access Vulnerability in Oracle Configurator of Oracle E-Business Suite
CVE-2025-30728

7.5HIGH

Key Information:

Vendor: Oracle
Status: Oracle Configurator
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-30728?

A vulnerability has been identified in the Oracle Configurator component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.14. This flaw allows an unauthenticated attacker with network access via HTTP to exploit the system, potentially gaining unauthorized access to sensitive data. Successful exploitation can lead to widespread data exposure, impacting the confidentiality of all data accessible through Oracle Configurator. Organizations using affected versions should apply the recommended security updates to mitigate the risk of unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Oracle Configurator 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025

JSON

Oracle

What is CVE-2025-30728?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.