CVE-2025-21517

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 21, 2025

Updated: Jan 22, 2025

CWE ID 863

Summary

CVE-2025-21517 is a vulnerability affecting Oracle JD Edwards EnterpriseOne Tools (Web Runtime SEC) prior to version 9.2.9.0. This issue allows a low-privileged attacker with network access to compromise the software via HTTP. Successfully exploited attacks may result in unauthorized data manipulation, leading to insert, update, or delete access to certain JD Edwards EnterpriseOne Tools data. The impact is classified as integrity, with a CVSS Base Score of 4.3. Attackers can exploit this vulnerability without user interaction and with a low level of access to the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle JD Edwards EnterpriseOne Tools

Affected Vendors

BonqDAO

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners