CVE-2025-50069
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-08-04
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | java_virtual_machine | From 19.3 (inc) to 19.27 (inc) |
| oracle | java_virtual_machine | From 21.3 (inc) to 21.18 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Java VM component of Oracle Database Server versions 19.3-19.27 and 21.3-21.18. It allows a low privileged attacker who has Create Session and Create Procedure privileges and network access via Oracle Net to compromise the Java VM. The vulnerability can lead to unauthorized access to critical data or complete access to all data accessible by the Java VM.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with limited privileges to gain unauthorized access to critical data within the Oracle Database Server's Java VM component. This could result in exposure of sensitive information or compromise of all data accessible through the Java VM, potentially affecting the confidentiality of your data.