CVE-2025-53049 — Vulnetix

CVE-2025-53049 PUBLISHED CVSS 8.399999618530273 HIGH

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

EPSS 0.06% · 19.3th percentile

Risk Scores

CVSS v3.1

8.399999618530273

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.06%

19.3th percentile

Affected Products

Vendor	Product	Versions
oracle	business_intelligence	7.6.0.0.0, 8.2.0.0.0
Oracle Corporation	Oracle Business Intelligence Enterprise Edition	7.6.0.0.0, 8.2.0.0.0

Timeline

Oct 21, 2025 Coalition ESS Score
Oct 21, 2025 CVE Published
Oct 22, 2025 EPSS Score
Oct 27, 2025 EPSS Score
Nov 2, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 12, 2025 EPSS Score
Nov 17, 2025 Coalition ESS Score
Nov 18, 2025 EPSS Score
Nov 23, 2025 EPSS Score
Nov 28, 2025 EPSS Score
Dec 3, 2025 EPSS Score

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-53049 advisory

Open in Interactive Console →