CVE-2025-62289
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | zfs_storage_appliance_kit | 8.8 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle ZFS Storage Appliance Kit version 8.8. It allows a highly privileged attacker with network access via HTTP to exploit the system easily. The attacker can cause the appliance to hang or crash repeatedly, resulting in a denial of service (DoS) condition.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service (DoS) where the Oracle ZFS Storage Appliance Kit can be caused to hang or crash repeatedly by an attacker with high privileges and network access. This disrupts availability of the storage appliance.