CVE-2025-53072
Published: 21 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-53072 is a vulnerability in the Oracle Marketing product of Oracle E-Business Suite, specifically affecting the Marketing Administration component. Supported versions impacted include 12.2.3 through 12.2.14. The issue, associated with CWE-306 (Missing Authentication for Critical Function), carries a CVSS 3.1 Base Score of 9.8 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating critical impacts to confidentiality, integrity, and availability.
An unauthenticated attacker with network access via HTTP can easily exploit this vulnerability to compromise the Oracle Marketing component. Successful exploitation enables a full takeover of Oracle Marketing, allowing the attacker to potentially read, modify, or delete sensitive data and disrupt service availability.
Oracle's Critical Patch Update for October 2025, detailed at https://www.oracle.com/security-alerts/cpuoct2025.html, provides information on applicable patches and mitigation steps for addressing this vulnerability.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote exploitation over HTTP of a public-facing Oracle Marketing Administration component, directly mapping to T1190: Exploit Public-Facing Application.