PT-2025-4286 · Oracle · Oracle Agile Plm Framework

Published 2025-01-21 · Updated 2025-01-21 · CVE-2025-21565

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Agile PLM Framework version 9.3.6

Description

The vulnerability in the Oracle Agile PLM Framework is related to weaknesses in the authorization mechanism of the Install component. This issue can be exploited by a remote attacker to disclose protected information using HTTP requests. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data in the Oracle Agile PLM Framework.

Recommendations

For version 9.3.6, update to a newer version that contains a fix for this issue, as the current version allows unauthenticated attackers with network access via HTTP to compromise the Oracle Agile PLM Framework. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-01243
CVE-2025-21565

Affected Products

Oracle Agile Plm Framework