CVE-2025-21532 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-21532 PUBLISHED CVSS 7.800000190734863 HIGH

Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

EPSS 0.17% · 38.6th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.17%

38.6th percentile

Affected Products

Vendor	Product	Versions
oracle	analytics_desktop	0
Oracle Corporation	Oracle Analytics Desktop	*

Timeline

Jan 21, 2025 CVE Published
Jan 21, 2025 PoC Published
Jan 22, 2025 EPSS Score
Feb 6, 2025 EPSS Score
Feb 9, 2025 Coalition ESS Score
Feb 18, 2025 Coalition ESS Score
Feb 20, 2025 EPSS Score
Feb 25, 2025 PoC Published
Mar 7, 2025 EPSS Score
Mar 18, 2025 Coalition ESS Score
Mar 22, 2025 EPSS Score
Apr 6, 2025 EPSS Score

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-21532 advisory

Open in Interactive Console →