PT-2025-42969 · Oracle · Oracle E-Business Suite+1
Published: 2025-10-21 · Updated: 2025-11-17
CVE-2025-53072
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oracle Marketing versions 12.2.3 through 12.2.14
Description
This issue affects the Oracle Marketing product within Oracle E-Business Suite. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing, potentially leading to a complete takeover of the system. The vulnerability is easily exploitable.
Recommendations
For versions 12.2.3 through 12.2.14, apply a patch as soon as possible. Restrict access to the affected component to minimize the risk of exploitation.
Exploit
Fix
RCE
Missing Authentication
Affected Products
Oracle E-Business Suite
Oracle Marketing