Unauthenticated Network Access Vulnerability in Oracle Database Server's Portable Clusterware
CVE-2025-53047
5.8 MEDIUM
What is CVE-2025-53047?
A vulnerability in the Portable Clusterware component of Oracle Database Server allows an unauthenticated attacker with network access via Bonjour to exploit the component. The flaw primarily affects versions 19.3 to 19.28, 21.3 to 21.19, and 23.4 to 23.9. Exploitation can lead to unauthorized read access to certain data within Portable Clusterware and may impact other products as well. Addressing this vulnerability is critical for maintaining the integrity and confidentiality of your database environment.
Affected Version(s)
Oracle Database Server 19.3 through 19.28
Oracle Database Server 21.3 through 21.19
Oracle Database Server 23.4 through 23.9
CVSS V3.1
Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved