Vulnerability in Oracle Hyperion Financial Reporting Affects Workspace Component
CVE-2025-50108

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Hyperion Financial Reporting
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-50108?

An exploitable vulnerability has been identified in the Oracle Hyperion Financial Reporting product, specifically within the Workspace component. This flaw allows low-privileged attackers with network access via HTTP to potentially compromise the financial reporting system. Successful exploitation requires human interaction from a user other than the attacker, which could lead to various unauthorized actions such as updates, inserts, or deletions of accessible data. Additionally, it may enable unauthorized read access to a subset of sensitive data within the Oracle Hyperion Financial Reporting environment. The impact of this vulnerability can extend beyond the affected product, causing significant implications for overall data integrity and confidentiality.

Affected Version(s)

Oracle Hyperion Financial Reporting 11.2.20.0.000

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jun 11, 2025