PT-2025-16403 · Oracle · Oracle Secure Backup
Published: 2025-04-15 · Updated: 2025-04-15
CVE-2025-21578
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Secure Backup versions 12.1.0.1 through 12.1.0.3
Oracle Secure Backup versions 18.1.0.0 through 18.1.0.2
Description
The issue allows a high-privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks can result in takeover of Oracle Secure Backup.
Recommendations
For versions 12.1.0.1 through 12.1.0.3, update to a version that fixes this issue.
For versions 18.1.0.0 through 18.1.0.2, update to a version that fixes this issue.
As a temporary workaround, consider restricting access to the Oracle Secure Backup infrastructure to minimize the risk of exploitation.
Fix
Incorrect Permission
RCE
Affected Products
Oracle Secure Backup