BaseFortify

Publication date: 2025-10-21

Last updated on: 2025-10-23

Assigner: Oracle

Description

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-10-21

Last Modified

2025-10-23

Generated

2026-06-30

AI Q&A

2025-10-21

EPSS Evaluated

2026-06-29

NVD

CVE-2025-62480

EUVD

EUVD-2025-35228

Affected Vendors & Products

Vendor	Product	Version / Range
oracle	zfs_storage_appliance_kit	8.8

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-267	A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Attack-Flow Graph

Executive Summary

This vulnerability exists in the Oracle ZFS Storage Appliance Kit, specifically in the Naming Subsystem component. It affects version 8.8 and allows a high privileged attacker with network access via HTTP to exploit it easily. The attacker can cause a partial denial of service (partial DOS) on the Oracle ZFS Storage Appliance Kit.

Impact Analysis

The impact of this vulnerability is that an attacker with high privileges and network access can cause a partial denial of service on the Oracle ZFS Storage Appliance Kit, potentially disrupting availability of the service.

Hi! I’m here to help you understand CVE-2025-62480. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70