CVE-2025-30759
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-15

Last updated on: 2025-07-24

Assigner: Oracle

Description
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Security). Supported versions that are affected are 7.6.0.0.0, 8.2.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-15
Last Modified
2025-07-24
Generated
2026-05-07
AI Q&A
2025-07-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-30759
EUVD
EUVD-2025-21522
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
oracle business_intelligence 7.6.0.0.0
oracle business_intelligence 8.2.0.0.0
oracle business_intelligence 12.2.1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Oracle Business Intelligence Enterprise Edition in certain versions. It allows an unauthenticated attacker with network access via HTTP to potentially compromise the system. The attack requires a user other than the attacker to interact (human interaction). Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some accessible data within the product.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized access and modification of data within Oracle Business Intelligence Enterprise Edition. This means sensitive data could be read without permission or altered/deleted by an attacker, potentially causing data integrity issues and exposing confidential information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart