CVE-2025-21569

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS v3 6.6 MEDIUM

6.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2025.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:hyperion_data_relationship_management:11.2.19.0.000:*:*:*:*:*:*:*

History

23 Jun 2025, 18:01

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpujan2025.html -~~	() https://www.oracle.com/security-alerts/cpujan2025.html - Vendor Advisory
CPE		cpe:2.3:a:oracle:hyperion_data_relationship_management:11.2.19.0.000:::::::*
First Time		Oracle Oracle hyperion Data Relationship Management

04 Feb 2025, 17:15

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en el producto Oracle Hyperion Data Relationship Management de Oracle Hyperion (componente: Web Services). La versión compatible afectada es la 11.2.19.0.000. Esta vulnerabilidad, difícil de explotar, permite que un atacante con privilegios elevados y acceso a la red a través de HTTP ponga en peligro Oracle Hyperion Data Relationship Management. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Hyperion Data Relationship Management. Puntuación base CVSS 3.1 6.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CWE		CWE-863

21 Jan 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-21 21:15

Updated : 2025-06-23 18:01

NVD link : CVE-2025-21569

Mitre link : CVE-2025-21569

CVE.ORG link : CVE-2025-21569

JSON object : View

Products Affected

oracle

hyperion_data_relationship_management

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-21569", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2025-01-21T21:15:23.977", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2025.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Hyperion Data Relationship Management de Oracle Hyperion (componente: Web Services). La versi\u00f3n compatible afectada es la 11.2.19.0.000. Esta vulnerabilidad, dif\u00edcil de explotar, permite que un atacante con privilegios elevados y acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle Hyperion Data Relationship Management. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Hyperion Data Relationship Management. Puntuaci\u00f3n base CVSS 3.1 6.6 (impactos en la confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2025-06-23T18:01:24.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:11.2.19.0.000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44D01719-77F9-4776-814D-B26C2C98988A"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}

6.6 /10