Vulnerability in Oracle Essbase Web Platform Affects Data Integrity and Confidentiality
CVE-2025-61763

8.1HIGH

Key Information:

Vendor

Oracle
Status
Oracle Essbase
Vendor
CVE Published:
21 October 2025

What is CVE-2025-61763?

A low privileged attacker with network access via HTTP can exploit a vulnerability in the Oracle Essbase Web Platform. This flaw allows for unauthorized creation, deletion, or modification of critical data, posing significant risks to data integrity and confidentiality. Affected users may face complete access to all data accessible through Oracle Essbase, making it essential for organizations to address this vulnerability promptly to safeguard sensitive information.

Affected Version(s)

Oracle Essbase 21.7.3.0.0

References

https://www.oracle.com/security-alerts/cpuoct2025.html
vendor-advisory

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.