CRITICAL🇵🇱 Wersja polska

CVE-2025-30727

CVSS 9.8v3.1pub. 2025-04-15upd. 2025-04-28

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

🤖 AI Analysis
How it works

The vulnerability classified as CWE-306 (missing required authentication for critical function) allows an attacker to access sensitive system functions without providing any credentials. The attack is carried out over the network via HTTP protocol, requires no user interaction or special privileges. Due to the low attack complexity (AC:L), exploitation is simple and repeatable.

Impact

Successful attack leads to complete takeover of the Oracle Scripting component — the attacker gains full control over the confidentiality, integrity, and availability of the system, corresponding to a takeover scenario of the attacked instance.

Mitigation & patch

Apply patches available from the vendor according to references — Oracle Critical Patch Update from April 2025 (https://www.oracle.com/security-alerts/cpuapr2025.html). Until the patch is implemented, it is recommended to restrict network access to the iSurvey Module through a firewall or network-level access control.

Who is affected

Oracle E-Business Suite, Oracle Scripting product, iSurvey Module component — versions 12.2.3 through 12.2.14 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle E Business Suite

    APP
    Oracle
    12.2.3 – 12.2.14
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2022-21587CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component:...

CVE-2026-46817CRITICAL9.8PL ✓ten sam produkt

Krytyczna podatność Auth Bypass w Oracle Payments (E-Business Suite)

CVE-2026-46819CRITICAL9.1PL ✓ten sam produkt

Krytyczny Auth Bypass w Oracle Internet Procurement Connector (E-Business Suite)

CVE-2019-2489CRITICAL9.1ten sam produkt

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Que...

CVE-2019-2453CRITICAL9.1ten sam produkt

Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Perform...