PT-2025-16398 · Oracle · Oracle Financial Services Revenue Management/Billing
Published 2025-04-15 · Updated 2025-04-23 · CVE-2025-21573
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:H/Au:S/C:C/I:C/A:P |
Name of the Vulnerable Software and Affected Versions
Oracle Financial Services Revenue Management and Billing versions 5.1.0.0.0, 6.1.0.0.0, and 7.0.0.0.0
Description
The issue allows a high-privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data. Additionally, it can lead to a partial denial of service (DoS) of Oracle Financial Services Revenue Management and Billing.
Recommendations
For versions 5.1.0.0.0, 6.1.0.0.0, and 7.0.0.0.0, consider restricting access to the Chatbot component until a patch is available.
As a temporary workaround, consider disabling HTTP access to the Oracle Financial Services Revenue Management and Billing product until a fix is provided.
Restrict access to critical data and ensure that all users with access to the system are trusted and monitored to minimize the risk of exploitation.
Fix
Improper Access Control
RCE
Related Identifiers
Affected Products
Oracle Financial Services Revenue Management/Billing