CVE-2025-61756
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
EPSS 0.05% · 17.1th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | financial_services_analytical_applications_infrastructure | 8.0.7.9.0, 8.0.8.7.0, 8.1.2.5.0 |
| Oracle Corporation | Oracle Financial Services Analytical Applications Infrastructure | 8.0.7.9, 8.0.8.7, 8.1.2.5 |
Exploit Intelligence
- CIRCL seen: CVE-2025-61756 (circl-sighting)
- Oracle Advisory (circl)
Timeline
- Oct 21, 2025 CVE Published
- Oct 22, 2025 EPSS Score
- Oct 22, 2025 CVE Updated
- Oct 22, 2025 PoC Published
- Oct 28, 2025 EPSS Score
- Nov 3, 2025 EPSS Score
- Nov 9, 2025 EPSS Score
- Nov 14, 2025 EPSS Score
- Nov 20, 2025 EPSS Score
- Nov 26, 2025 EPSS Score
- Dec 2, 2025 EPSS Score
- Dec 8, 2025 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61756 advisory