Vulnerability in Oracle E-Business Suite Shopping Cart Component
CVE-2025-53041

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Istore
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-53041?

A vulnerability exists in the Oracle iStore component of Oracle E-Business Suite, which allows an unauthenticated attacker with network access via HTTP to compromise user data. This issue impacts versions 12.2.5 through 12.2.14 of Oracle iStore. Exploiting this vulnerability requires user interaction from a third party, potentially leading to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized read access to certain datasets within Oracle iStore. Although the vulnerability is confined to Oracle iStore, its exploitation could have broader implications for the entire E-Business Suite ecosystem.

Affected Version(s)

Oracle iStore 12.2.5 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Jun 24, 2025

JSON