CVE-2025-30751

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-30751
Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujul2025.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
History

29 Jul 2025, 16:15

Type Values Removed Values Added
Summary (en) Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). (en) Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

25 Jul 2025, 16:11

Type Values Removed Values Added
First Time Oracle database Server
Oracle
CPE cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*
References () https://www.oracle.com/security-alerts/cpujul2025.html - () https://www.oracle.com/security-alerts/cpujul2025.html - Patch, Vendor Advisory

16 Jul 2025, 15:15

Type Values Removed Values Added
CWE CWE-863

16 Jul 2025, 14:59

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad en el componente Oracle Database de Oracle Database Server. Las versiones compatibles afectadas son 19.3-19.27 y 23.4-23.8. Esta vulnerabilidad, fácilmente explotable, permite a un atacante con privilegios bajos, con privilegios para crear sesión y procedimiento y acceso a la red a través de Oracle Net, comprometer Oracle Database. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle Database. Puntuación base de CVSS 3.1: 8.8 (impactos en confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

15 Jul 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-15 20:15

Updated : 2025-07-29 16:15

NVD link : CVE-2025-30751

Mitre link : CVE-2025-30751

CVE.ORG link : CVE-2025-30751

JSON object : View

Products Affected

oracle

  • database_server
CWE
CWE-863

Incorrect Authorization