CVE-2025-53049
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).
EPSS 0.08% · 23.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | business_intelligence | 7.6.0.0.0, 8.2.0.0.0 |
| Oracle Corporation | Oracle Business Intelligence Enterprise Edition | 7.6.0.0.0, 8.2.0.0.0 |
Timeline
- Oct 21, 2025 Coalition ESS Score
- Oct 21, 2025 CVE Published
- Oct 22, 2025 EPSS Score
- Oct 28, 2025 EPSS Score
- Nov 3, 2025 EPSS Score
- Nov 9, 2025 EPSS Score
- Nov 14, 2025 EPSS Score
- Nov 17, 2025 Coalition ESS Score
- Nov 20, 2025 EPSS Score
- Nov 26, 2025 EPSS Score
- Dec 2, 2025 EPSS Score
- Dec 4, 2025 Coalition ESS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-53049 advisory