CVE-2025-61754
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | bi_publisher | 7.6.0.0.0 |
| oracle | bi_publisher | 8.2.0.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle BI Publisher product of Oracle Analytics, specifically in the Web Service API component. It affects versions 7.6.0.0.0 and 8.2.0.0.0. The vulnerability is easily exploitable by a low privileged attacker who has network access via HTTP. Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible by Oracle BI Publisher.
How can this vulnerability impact me? :
The impact of this vulnerability is unauthorized access to critical or all data accessible through Oracle BI Publisher. This means sensitive or important information could be exposed to attackers without proper authorization, potentially leading to data breaches or loss of confidentiality.