CVE-2025-30708

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30708
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpuapr2025.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:user_management:*:*:*:*:*:*:*:*
History

26 Jun 2025, 18:57

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:user_management:*:*:*:*:*:*:*:*
First Time Oracle
Oracle user Management
References () https://www.oracle.com/security-alerts/cpuapr2025.html - () https://www.oracle.com/security-alerts/cpuapr2025.html - Vendor Advisory

17 Apr 2025, 18:15

Type Values Removed Values Added
CWE CWE-732

16 Apr 2025, 13:25

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el producto Oracle User Management de Oracle E-Business Suite (componente: Buscar y Registrar Usuarios). Las versiones compatibles afectadas son 12.2.4-12.2.14. Esta vulnerabilidad, fácilmente explotable, permite que un atacante no autenticado con acceso a la red vía HTTP comprometa Oracle User Management. Los ataques con éxito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos críticos o en el acceso completo a todos los datos accesibles de Oracle User Management. Puntuación base de CVSS 3.1: 7.5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

15 Apr 2025, 21:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-15 21:16

Updated : 2025-06-26 18:57

NVD link : CVE-2025-30708

Mitre link : CVE-2025-30708

CVE.ORG link : CVE-2025-30708

JSON object : View

Products Affected

oracle

  • user_management
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource