CVE-2025-53072

CVSS v3.1

9.8

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Marketing versions 12.2.3 through 12.2.14

Description This issue affects the Oracle Marketing product within Oracle E-Business Suite. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing, potentially leading to a complete takeover of the system. The vulnerability is easily exploitable.

Recommendations For versions 12.2.3 through 12.2.14, apply a patch as soon as possible. Restrict access to the affected component to minimize the risk of exploitation.

Fix

RCE

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2025-53072

Affected Products

Oracle E-Business Suite

Oracle Marketing

CVE-2025-53072

Weakness Enumeration

Related Identifiers

Affected Products

References · 19