CVE-2025-21541

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 21, 2025

Updated: Jan 22, 2025

CWE ID 281

Summary

CVE-2025-21541 is a vulnerability affecting the Oracle Workflow component of Oracle E-Business Suite, versions 12.2.3 to 12.2.14. This issue enables a low-privileged attacker with network access to compromise Oracle Workflow via HTTP. Successful exploitation can result in unauthorized updates, inserts, or deletes to some data, and unauthorized read access to a subset of data. The Base Score, according to the Common Vulnerability Scoring System (CVSS), is 5.4 for Confidentiality and Integrity impacts. The vulnerability can be exploited remotely with low complexity.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle E-Business Suite

Affected Vendors

Oracle Corp

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners