CVE-2025-21489

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data as well as unauthorized read access to a subset of Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2025.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*

History

23 Jun 2025, 15:21

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:e-business_suite::::::::
References	~~() https://www.oracle.com/security-alerts/cpujan2025.html -~~	() https://www.oracle.com/security-alerts/cpujan2025.html - Vendor Advisory
First Time		Oracle e-business Suite Oracle

23 Jan 2025, 20:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en el producto Oracle Advanced Outbound Telephony de Oracle E-Business Suite (componente: Region Mapping). Las versiones compatibles afectadas son 12.2.3-12.2.10. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante no autenticado con acceso a la red a través de HTTP ponga en peligro Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en Oracle Advanced Outbound Telephony, los ataques pueden afectar significativamente a otros productos (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la actualización, inserción o eliminación no autorizada de algunos datos accesibles de Oracle Advanced Outbound Telephony, así como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Advanced Outbound Telephony. Puntuación base CVSS 3.1 6.1 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CWE		CWE-352

21 Jan 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-21 21:15

Updated : 2025-06-23 15:21

NVD link : CVE-2025-21489

Mitre link : CVE-2025-21489

CVE.ORG link : CVE-2025-21489

JSON object : View

Products Affected

oracle

e-business_suite

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

6.1 /10