CVE-2025-61749
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: Oracle
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | database_server | From 23.4 (inc) to 23.9 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Unified Audit component of Oracle Database Server versions 23.4 to 23.9. It allows a highly privileged attacker with DBA privileges and network access via Oracle Net to compromise Unified Audit. Specifically, the attacker can perform unauthorized update, insert, or delete operations on some of the data accessible by Unified Audit.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an attacker with DBA privileges and network access to modify audit data in the Unified Audit component. This unauthorized modification can undermine the integrity of audit logs, potentially hiding malicious activities or tampering with audit records.