CVE-2025-21586

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Apr 15, 2025

Updated: Apr 17, 2025

CWE ID 284

Summary

CVE-2025-21586 is a vulnerability affecting the Oracle JD Edwards EnterpriseOne Tools product (Web Runtime SEC component), specifically versions 9.2.0.0-9.2.9.2. This issue allows a low-privileged attacker with network access via HTTP to compromise the system, leading to potential unauthorized data access. Successful attacks require human interaction, and may impact additional products beyond JD Edwards EnterpriseOne Tools. The vulnerability has a CVSS 3.1 Base Score of 5.4, indicating low to medium severity for both confidentiality and integrity. Attackers can gain unauthorized read, insert, or delete access to certain JD Edwards EnterpriseOne Tools data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Oracle JD Edwards EnterpriseOne Tools

Affected Vendors

Oracle

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners