RDBMS Listener Vulnerability in Oracle Database Server
CVE-2025-30733
6.5 MEDIUM
Summary
A vulnerability exists in the RDBMS Listener component of Oracle Database Server that can be exploited by an unauthenticated attacker with network access via Oracle Net. It allows the attacker to initiate actions on the RDBMS Listener, potentially leading to unauthorized access to sensitive data. Successful exploitation requires interaction from another user, which presents a unique challenge for mitigation. Users are advised to apply the latest security updates to counteract this vulnerability and safeguard their data.
Affected Version(s)
Oracle Database Server 19.3 through 19.26
Oracle Database Server 21.3 through 21.17
Oracle Database Server 23.4 through 23.7
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved