CVE-2025-21532
Published: 21 January 2025
Description
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are those prior to 8.1.0. This easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Security Summary
CVE-2025-21532 is a vulnerability in the Install component of Oracle Analytics Desktop, which is part of the Oracle Analytics product. Supported versions affected by this issue are those prior to 8.1.0. The vulnerability carries a CVSS 3.1 base score of 7.8, with the vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impacts to confidentiality, integrity, and availability. It is associated with CWE-276.
The vulnerability is easily exploitable: a low-privileged attacker with logon access to the infrastructure where Oracle Analytics Desktop executes can fully compromise the product. Successful attacks enable takeover of Oracle Analytics Desktop, allowing the attacker to read, modify, or delete data, as well as deny access to the service.
Oracle published details in its Critical Patch Update advisory of 2025-01-21 at https://www.oracle.com/security-alerts/cpujan2025.html. Systems running versions prior to 8.1.0 should be upgraded to mitigate the vulnerability.
Details
- CWE(s)