CVE-2025-21578

Published: Apr 15, 2025Modified: Apr 17, 2025

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: secalert_us@oracle.com (Secondary)

Description

Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Affected (6)

Products: Oracle: Secure Backup

Oracle

1 product

Secure Backup

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Oracle Secure Backup	Version 12.1.0.1
Oracle Secure Backup	Version 12.1.0.2
Oracle Secure Backup	Version 12.1.0.3
Oracle Secure Backup	Version 18.1.0.0
Oracle Secure Backup	Version 18.1.0.1
Oracle Secure Backup	Version 18.1.0.2

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://www.oracle.com/security-alerts/cpuapr2025.html

Source: secalert_us@oracle.com

PatchVendor Advisory

Timeline

No history available yet.