PT-2025-42988 · Oracle · Oracle Life Sciences Inform

Published

2025-10-21

Updated

2025-10-24

CVE-2025-62287

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle Life Sciences InForm version 7.0.1.0

Description An easily exploitable issue exists in the Oracle Life Sciences InForm Web Server component. An unauthenticated attacker with network access via HTTP can compromise the system. Successful attacks require interaction from a user other than the attacker. While the issue is in Oracle Life Sciences InForm, attacks may impact additional products. Successful exploitation can lead to unauthorized data modification, insertion, deletion, and read access.

Recommendations Update Oracle Life Sciences InForm to a newer version that addresses this issue.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2025-62287

Affected Products

Oracle Life Sciences Inform

PT-2025-42988 · Oracle · Oracle Life Sciences Inform

CVE-2025-62287

Weakness Enumeration

Related Identifiers

Affected Products

References · 7