CVE-2025-30745
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | mes_for_process_manufacturing | 12.2.12 |
| oracle | mes_for_process_manufacturing | 12.2.13 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle MES for Process Manufacturing product, specifically in the Device Integration component. It allows an unauthenticated attacker with network access via HTTP to compromise the system. The attack requires a user other than the attacker to interact (human interaction). Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some accessible data within Oracle MES for Process Manufacturing. The vulnerability also has a scope change, meaning it may impact additional products beyond the initial component.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker to gain unauthorized access to data within Oracle MES for Process Manufacturing. This includes the ability to read sensitive information and modify data by updating, inserting, or deleting it without authorization. Such unauthorized actions can compromise data integrity and confidentiality, potentially disrupting business processes and causing data loss or corruption.