VDB
CVE-2025-21532
CVE-2025-21532
PUBLISHED
CVSS 7.800000190734863 HIGH
Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
EPSS 0.17% · 38.5th percentile
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.17%
38.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | analytics_desktop | 0 |
| Oracle Corporation | Oracle Analytics Desktop | * |
Exploit Intelligence
- CIRCL seen: CVE-2025-21532 (circl-sighting)
- CIRCL seen: CVE-2025-21532 (circl-sighting)
- Oracle Advisory (circl)
Timeline
- Jan 21, 2025 CVE Published
- Jan 21, 2025 PoC Published
- Jan 21, 2025 CVE Updated
- Jan 22, 2025 EPSS Score
- Feb 6, 2025 EPSS Score
- Feb 9, 2025 Coalition ESS Score
- Feb 18, 2025 Coalition ESS Score
- Feb 22, 2025 EPSS Score
- Feb 25, 2025 PoC Published
- Mar 9, 2025 EPSS Score
- Mar 18, 2025 Coalition ESS Score
- Mar 24, 2025 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-21532 advisory