CVE-2025-53037
Published: 21 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-53037 is a critical vulnerability in the Platform component of Oracle Financial Services Analytical Applications Infrastructure, part of the Oracle Financial Services Applications product suite. The affected versions are 8.0.7.9, 8.0.8.7, and 8.1.2.5. This easily exploitable issue, associated with CWE-306 (Missing Authentication for Critical Function), carries a CVSS 3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting high impacts to confidentiality, integrity, and availability.
An unauthenticated attacker with network access via HTTP can exploit this vulnerability to fully compromise the Oracle Financial Services Analytical Applications Infrastructure, enabling takeover of the affected component.
The official mitigation guidance is detailed in Oracle's Critical Patch Update advisory for October 2025, available at https://www.oracle.com/security-alerts/cpuoct2025.html.
Details
- CWE(s): CWE-306 (Missing Authentication for Critical Function)
- Affected Products: Oracle Financial Services Analytical Applications Infrastructure (Platform component), versions 8.0.7.9, 8.0.8.7 and 8.1.2.5
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application)
Why these techniques?
The vulnerability allows unauthenticated remote exploitation over HTTP of a public-facing application component, directly mapping to T1190: Exploit Public-Facing Application.