CVE-2025-21556

Name of the Vulnerable Software and Affected Versions Oracle Agile PLM Framework version 9.3.6

Description The issue is related to insufficient input validation in the Agile Integration Services component, allowing a low-privileged attacker with network access via HTTP to compromise the Oracle Agile PLM Framework. This can result in the takeover of the system, impacting confidentiality, integrity, and availability. The vulnerability is easily exploitable and can significantly affect additional products. Oracle has released a patch to address this flaw as part of its January 2025 Critical Patch Update, which includes fixes for 318 vulnerabilities across its products.

Recommendations For version 9.3.6, update to a newer version that includes the fix for this issue, as provided in Oracle's January 2025 Critical Patch Update. As a temporary workaround, consider restricting access to the Agile Integration Services component to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved.