CVE-2025-21553

CVSS 3.1 Score 4.2 of 10 (medium)

Details

Published Jan 21, 2025

Summary

CVE-2025-21553 is a vulnerability in the Java VM component of Oracle Database Server. Affected versions are 19.3-19.25, 21.3-21.16, and 23.4-23.6. A low-privileged attacker who holds the Create Session and Create Procedure privileges and has network access via Oracle Net can compromise the Java VM. Successful exploitation can result in unauthorized update, insert, or delete access to some Java VM accessible data, as well as unauthorized read access to a subset of that data.

The CVSS version 3.1 Base Score is 4.2, reflecting confidentiality and integrity impacts. The attack vector is network (AV:N), attack complexity is high (AC:H), privileges required are low (PR:L), no user interaction is required (UI:N), scope is unchanged (S:U), confidentiality impact is low (C:L), integrity impact is low (I:L), and availability impact is none (A:N).
