PT-2025-42971 · Oracle · Oracle Database Server

Published

2025-10-21

Updated

2025-10-21

CVE-2025-61749

CVSS v3.1

2.7

Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 23.4 through 23.9

Description An issue exists within the Unified Audit component of Oracle Database Server. A highly privileged attacker with DBA privilege and network access via Oracle Net can compromise Unified Audit. Successful exploitation may lead to unauthorized modification, insertion, or deletion of data accessible through Unified Audit.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2025-61749

Affected Products

Oracle Database Server

PT-2025-42971 · Oracle · Oracle Database Server

CVE-2025-61749

Weakness Enumeration

Related Identifiers

Affected Products

References · 4