DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-21532

High

Low Medium High Critical

7.8

CVSS Score

Published: Jan 21, 2025

Last Modified: Jul 02, 2025

CWE: CWE-276

Vulnerability Description

Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Available Security Patches

1 patch available from vendors

View All Patches

Oracle

CPUJAN2025

Oracle Critical Patch Update Advisory - January 2025

Severity

Critical

Released

Jan 21, 2025

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

https://www.oracle.com/security-alerts/cpujan2025.html
secalert_us@oracle.com Vendor Advisory

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-276

Incorrect Default Permissions

Description: During installation, installed file permissions are set to allow anyone to modify those files.
Exploit Likelihood: Medium
Typical Severity: Medium
Abstraction Level: Base