CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-53037

CVSS 9.8v3.1pub. 2025-10-21upd. 2025-10-23

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

πŸ€– AI Analysis
How it works

The vulnerability classified as CWE-306 (Missing Authentication for Critical Function) means that critical functions of the Platform component are accessible without any authentication. An attacker with network access to the system can send HTTP requests directly to protected resources, bypassing access control mechanisms. No credentials or user interaction are required, making the attack fully automated.

Impact

Successful exploitation of this vulnerability leads to complete takeover of the Oracle Financial Services Analytical Applications Infrastructure system, including breach of confidentiality, integrity, and availability of data. Attackers can gain unauthorized access to sensitive financial and analytical data, modify it, and cause service unavailability (DoS).

Mitigation & patch

Apply patches available from the vendor in accordance with references published as part of the Oracle Critical Patch Update from October 2025: https://www.oracle.com/security-alerts/cpuoct2025.html. Until the update is applied, it is recommended to restrict network access to the Platform component exclusively to trusted hosts at the firewall level and to monitor HTTP traffic directed to the system.

Who is affected

Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 (component: Platform).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.0.7.9.08.0.8.7.08.1.2.5.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-26291CRITICAL9.1ten sam produkt

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...

CVE-2020-10683CRITICAL9.8ten sam produkt

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might e...

CVE-2020-9546CRITICAL9.8ten sam produkt

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and ty...

CVE-2025-53037 β€” Oracle β€” Financial Services Analytical Applications Infrastructure β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl