PT-2025-42946 · Oracle · Oracle Business Intelligence Enterprise Edition
Published 2025-10-21 · Updated 2025-10-22 · CVE-2025-53049
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle Business Intelligence Enterprise Edition versions 7.6.0.0.0 through 8.2.0.0.0
Description
A readily exploitable issue exists in Oracle Business Intelligence Enterprise Edition, specifically within the Analytics Web Administration component. An attacker with high privileges and network access via HTTP can compromise the software. Exploitation requires interaction from a user other than the attacker, and successful attacks may impact other products. Successful exploitation can lead to a complete takeover of Oracle Business Intelligence Enterprise Edition.
Recommendations
Update Oracle Business Intelligence Enterprise Edition version 7.6.0.0.0 to a later version.
Update Oracle Business Intelligence Enterprise Edition version 8.2.0.0.0 to a later version.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Business Intelligence Enterprise Edition