CVE-2025-61885
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | life_sciences_inform | 7.0.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Life Sciences InForm product, specifically in its Web Server component version 7.0.1.0. It allows a low privileged attacker with network access via HTTP to exploit the system easily and gain unauthorized read access to some of the data accessible through Oracle Life Sciences InForm.
How can this vulnerability impact me? :
The impact of this vulnerability is unauthorized disclosure of some data within Oracle Life Sciences InForm. An attacker could read sensitive information without proper authorization, potentially leading to data breaches or exposure of confidential information.