PT-2025-4254 · Oracle · Oracle Analytics Desktop
Arjun Giri
·
Published
2025-01-21
·
Updated
2025-07-02
·
CVE-2025-21532
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Oracle Analytics Desktop versions prior to 8.1.0
Description
The issue is related to a vulnerability in the Oracle Analytics Desktop product, specifically in the Install component. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle Analytics Desktop is executed, potentially leading to the takeover of Oracle Analytics Desktop. The vulnerability affects the confidentiality, integrity, and availability of the system.
Recommendations
For versions prior to 8.1.0, update to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Install component to minimize the risk of exploitation. Additionally, ensure that only authorized personnel have logon access to the infrastructure where Oracle Analytics Desktop is executed.
Fix
Incorrect Authorization
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Oracle Analytics Desktop