Web Server Vulnerability in Oracle Life Sciences InForm Product of Oracle Health Sciences Applications
CVE-2025-61885

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Life Sciences Inform
Vendor: CVE Published:; 21 October 2025

What is CVE-2025-61885?

A vulnerability exists in the Oracle Life Sciences InForm product, specifically within its web server component. This issue allows low privileged attackers with network access through HTTP to potentially compromise the confidentiality of Oracle Life Sciences InForm. Successful exploitation can lead to unauthorized read access to certain data within the application, highlighting a significant security concern for affected users.

Affected Version(s)

Oracle Life Sciences InForm 7.0.1.0

References

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2025
Vulnerability Reserved
Oct 3, 2025

JSON