CVE-2025-21532

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21532
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2025.html
Configurations

No configuration.

History

18 Mar 2025, 20:15

Type Values Removed Values Added
CWE CWE-276

18 Feb 2025, 21:15

Type Values Removed Values Added
CWE CWE-863

22 Jan 2025, 18:15

Type Values Removed Values Added
CWE CWE-863
Summary
  • (es) Vulnerabilidad en el producto Oracle Analytics Desktop de Oracle Analytics (componente: Instalación). Las versiones compatibles afectadas son anteriores a la 8.1.0. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante con pocos privilegios que inicie sesión en la infraestructura donde se ejecuta Oracle Analytics Desktop ponga en peligro Oracle Analytics Desktop. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Analytics Desktop. Puntuación base CVSS 3.1: 7,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

21 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-21 21:15

Updated : 2025-03-18 20:15

NVD link : CVE-2025-21532

Mitre link : CVE-2025-21532

CVE.ORG link : CVE-2025-21532

JSON object : View

Products Affected

No product.

CWE
CWE-276

Incorrect Default Permissions