Exploitable Vulnerability in Oracle E-Business Suite's Application Object Library
CVE-2025-30732

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Oracle Application Object Library
Vendor
CVE Published:
15 April 2025

Summary

A vulnerability exists in the Oracle Application Object Library component of Oracle E-Business Suite that allows unauthenticated attackers to potentially compromise sensitive data. This flaw is easily exploitable via HTTP, requiring human interaction from a third party. While primarily residing in the Application Object Library, attacks might have broader implications, affecting other interconnected products. Successful exploitation could lead to unauthorized data updates, deletions, and access to confidential data, putting organizational data integrity at risk.

Affected Version(s)

Oracle Application Object Library 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuapr2025.html
vendor-advisory

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-30732 : Exploitable Vulnerability in Oracle E-Business Suite's Application Object Library | SecurityVulnerability.io