CVE-2025-50067
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | application_express | 24.2.4 |
| oracle | application_express | 24.2.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle Application Express, specifically in the Strategic Planner Starter App component, in versions 24.2.4 and 24.2.5. It allows a low-privileged attacker with network access via HTTP to compromise the application. The attack requires human interaction from someone other than the attacker. Successful exploitation can lead to a complete takeover of Oracle Application Express and may affect additional products.
How can this vulnerability impact me?
The vulnerability can lead to a full compromise of Oracle Application Express, impacting confidentiality, integrity, and availability of the system. This means sensitive data could be exposed or altered, and the application could be disrupted or controlled by an attacker. Additionally, because the scope includes other products, the impact could extend beyond Oracle Application Express.