PT-2025-4290 · Oracle · Oracle Hyperion Data Relationship Management

Published: 2025-01-21 · Updated: 2025-06-23 · CVE-2025-21569

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle Hyperion Data Relationship Management version 11.2.19.0.000

Description

The issue is related to the Web Services component of Oracle Hyperion Data Relationship Management, allowing a high-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of Oracle Hyperion Data Relationship Management. The vulnerability is difficult to exploit and can be used by an attacker to gain full control over the application remotely using the HTTP protocol.

Recommendations

For version 11.2.19.0.000, consider applying security patches or updates to fix the vulnerability in the Web Services component. As a temporary workaround, restrict access to the Web Services component to minimize the risk of exploitation. Additionally, review and strengthen the authorization mechanism to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-01272
CVE-2025-21569

Affected Products

Oracle Hyperion Data Relationship Management