Vulnerability in Oracle Business Intelligence Enterprise Edition by Oracle
CVE-2025-53049

8.4 HIGH

Key Information:

Vendor: Oracle

CVE Published: 21 October 2025

What is CVE-2025-53049?

A vulnerability in the Analytics Web Administration component of Oracle Business Intelligence Enterprise Edition allows a high-privileged attacker with network access to potentially compromise the system. Exploitation requires interaction from a user other than the attacker, which complicates exploitation. Although the vulnerability is in Oracle Business Intelligence Enterprise Edition, its impact could extend to other interconnected products, so affected deployments need prompt attention and mitigation to prevent unauthorized takeover and protect data integrity.

Affected Version(s)

Oracle Business Intelligence Enterprise Edition 7.6.0.0.0

Oracle Business Intelligence Enterprise Edition 8.2.0.0.0

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
