Web Runtime Security Flaw in JD Edwards EnterpriseOne by Oracle
CVE-2025-30740

6.5 MEDIUM

Key Information:

Vendor: Oracle
CVE Published: 15 April 2025

Summary

A vulnerability has been identified in Oracle's JD Edwards EnterpriseOne Tools, specifically in the Web Runtime Security component. The flaw can be exploited by a low-privileged attacker with network access via HTTP to gain unauthorized access to sensitive data. A successful attack may give the attacker full access to all data within the JD Edwards EnterpriseOne Tools environment, posing significant risks to organizations that rely on this software for business operations.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.0.0 <= 9.2.9.2

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
