PT-2024-10267 · Oracle · JD Edwards EnterpriseOne Tools

Published: 2024-12-25 · Updated: 2025-01-22 · CVE-2025-21517

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0

Description

The issue is related to a vulnerability in the Web Runtime SEC component of JD Edwards EnterpriseOne Tools, which can be exploited by a low-privileged attacker with network access via HTTP. This vulnerability allows unauthorized update, insert, or delete access to some of JD Edwards EnterpriseOne Tools' accessible data. The vulnerability is associated with weaknesses in the authorization mechanism, potentially enabling a remote attacker to read, modify, and delete files.

Recommendations

For versions prior to 9.2.9.0, update to version 9.2.9.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Incorrect Authorization

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-00669
CVE-2025-21517

Affected Products

JD Edwards EnterpriseOne Tools