Vulnerability in Oracle Workflow of Oracle E-Business Suite
CVE-2025-53052

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Workflow
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-53052?

A vulnerability exists in the Oracle Workflow component of Oracle E-Business Suite that could be exploited by an unauthenticated attacker with network access over HTTP. Although successful exploitation requires human interaction from someone other than the attacker, it can lead to unauthorized updates, insertions or deletions of Oracle Workflow accessible data, as well as unauthorized read access to some of this data. This vulnerability poses a significant risk as it may affect not only Oracle Workflow but also other products interconnected with it.

Affected Version(s)

Oracle Workflow 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Jun 24, 2025

JSON