CVE-2025-53041
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | istore | From 12.2.5 (inc) to 12.2.14 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle iStore product of Oracle E-Business Suite, specifically in the Shopping Cart component for versions 12.2.5 through 12.2.14. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle iStore. The attack requires human interaction from someone other than the attacker. Successful exploitation can lead to unauthorized reading, updating, inserting, or deleting of some data accessible through Oracle iStore. The vulnerability impacts confidentiality and integrity but not availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow unauthorized parties to read, modify, insert, or delete data within Oracle iStore. This could lead to data breaches, data corruption, or unauthorized changes to business information, potentially affecting business operations and trust in the system. Additionally, because the scope of the attack may extend beyond Oracle iStore, other related products could also be impacted.