CVE-2025-21532

{"id": "CVE-2025-21532", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-21T21:15:19.107", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2025.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Analytics Desktop de Oracle Analytics (componente: Instalaci\u00f3n). Las versiones compatibles afectadas son anteriores a la 8.1.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios que inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Analytics Desktop ponga en peligro Oracle Analytics Desktop. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Analytics Desktop. Puntuaci\u00f3n base CVSS 3.1: 7,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2025-07-02T16:33:48.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD65911-95F0-4859-9435-8CB7CC7AA918", "versionEndExcluding": "8.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}