CVE-2025-50066
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | database_server | From 19.3 (inc) to 19.27 (inc) |
| oracle | database_server | From 21.3 (inc) to 21.18 (inc) |
| oracle | database_server | From 23.4 (inc) to 23.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Database Materialized View component of Oracle Database Server versions 19.3-19.27, 21.3-21.18, and 23.4-23.8. It allows a high privileged attacker who has the Execute privilege on DBMS_REDEFINITION and network access via Oracle Net to compromise the Oracle Database Materialized View. The attacker can perform unauthorized update, insert, or delete operations on some accessible data within the materialized views.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with high privileges and network access to modify data in Oracle Database Materialized Views without authorization. This means the attacker could alter, insert, or delete data, potentially leading to data integrity issues and unauthorized data manipulation.