PT-2025-42957 · Oracle · Jd Edwards+1

Published

2025-10-21

Updated

2025-10-21

CVE-2025-53060

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards versions 9.2.0.0 through 9.2.9.4

Description An easily exploitable issue exists in the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can compromise the system. Successful attacks require interaction from a user other than the attacker and may impact additional products. Successful exploitation can lead to unauthorized data modification, insertion, deletion, and read access to some data accessible through JD Edwards EnterpriseOne Tools.

Recommendations Update JD Edwards EnterpriseOne Tools to a version later than 9.2.9.4.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

BDU:2025-15866

CVE-2025-53060

Affected Products

Jd Edwards

Jd Edwards Enterpriseone Tools

PT-2025-42957 · Oracle · Jd Edwards+1

CVE-2025-53060

Weakness Enumeration

Related Identifiers

Affected Products

References · 5