Unauthenticated Access Vulnerability in Oracle E-Business Suite Configuration
CVE-2025-30731

3.6LOW

Key Information:

Vendor: Oracle
Status: Oracle Applications Technology Stack
Vendor: CVE Published:; 15 April 2025

Summary

A vulnerability exists in the Oracle Applications Technology Stack of Oracle E-Business Suite, which allows unauthorized access to sensitive information. Attackers with logon access can exploit this vulnerability to perform unauthorized updates, inserts, or deletions of accessible data. Successful exploitation requires human interaction by a person other than the attacker, making it a unique risk. This vulnerability affects multiple supported versions and emphasizes the importance of maintaining robust security practices within the application environment.

Affected Version(s)

Oracle Applications Technology Stack 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html

vendor-advisory

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Mar 25, 2025