Vulnerability in JD Edwards EnterpriseOne Tools by Oracle
CVE-2025-30760

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Jd Edwards Enterpriseone Tools
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-30760?

A vulnerability has been identified in the JD Edwards EnterpriseOne Tools product from Oracle, specifically within the Web Runtime SEC component. This issue allows low-privileged attackers with network access via HTTP to exploit the system, potentially leading to unauthorized updates, inserts, or deletions of accessible data. Additionally, attackers could gain unauthorized read access to a subset of the system's data, compromising both confidentiality and integrity. Versions affected range from 9.2.0.0 to 9.2.9.3, presenting a significant risk for organizations utilizing this software.

Affected Version(s)

JD Edwards EnterpriseOne Tools 9.2.0.0 <= 9.2.9.3

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Mar 26, 2025