RDBMS Listener Vulnerability in Oracle Database Server
CVE-2025-30733

6.5 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 15 April 2025

Badges

News Worthy

What is CVE-2025-30733?

A vulnerability in the RDBMS Listener component of Oracle Database Server can be exploited by an unauthenticated attacker with network access via Oracle Net. It allows the attacker to initiate actions on the RDBMS Listener, potentially leading to unauthorized access to sensitive data. Successful exploitation requires interaction from another user, which presents a unique challenge for mitigation. Users are advised to apply the latest security updates to counteract this vulnerability and safeguard their data.

Affected Version(s)

Oracle Database Server 19.3 <= 19.26

Oracle Database Server 21.3 <= 21.17

Oracle Database Server 23.4 <= 23.7

News Articles

Oracle TNS Flaw Exposes System Memory to Unauthorized Access

Oracle has addressed a significant security flaw in its Transparent Network Substrate (TNS) protocol, used for database communications, with the release of a patch on April 15, 2025. The vulnerability, tracked as CVE-2025-30733, could allow unauthenticated remote attackers to access sensitive system...

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
