PT-2025-42998 · Oracle · Oracle Marketing+1
Published
2025-10-21
·
Updated
2025-11-17
·
CVE-2025-62481
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Oracle Marketing versions 12.2.3 through 12.2.14
Description
An easily exploitable issue exists in the Oracle Marketing component of Oracle E-Business Suite. An unauthenticated attacker with network access via HTTP can compromise Oracle Marketing, potentially leading to a complete takeover of the system. The issue allows for remote code execution.
Recommendations
For versions 12.2.3 through 12.2.14, restrict network access to the affected component.
Exploit
Fix
RCE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle E-Business Suite
Oracle Marketing