Web Access Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle
CVE-2025-50061

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Primavera P6 Enterprise Project Portfolio Management
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-50061?

An easily exploitable vulnerability has been identified in the Web Access component of Oracle's Primavera P6 Enterprise Project Portfolio Management software. This flaw affects multiple versions of the product, allowing attackers with network access to potentially compromise the system. For successful exploitation, human interaction is required, making the vulnerability particularly concerning given its ability to facilitate unauthorized updates, inserts, or deletions of accessible data and unauthorized read access to certain datasets. The implications of such an attack may extend beyond Primavera P6, possibly impacting other related products as well.

Affected Version(s)

Primavera P6 Enterprise Project Portfolio Management 20.12.0 <= 20.12.21

Primavera P6 Enterprise Project Portfolio Management 21.12.0 <= 21.12.21

Primavera P6 Enterprise Project Portfolio Management 22.12.0 <= 22.12.19

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jun 11, 2025