VDB

GCVE-110-NCSC-2025-328

GCVE-110-NCSC-2025-328
Advisory PublishedCVSS 5.3/10
Vulnetix · Advisory published October 23, 2025
Recent updates address vulnerabilities in various Oracle applications and Apache HttpComponents, with several rated as high risk, allowing potential remote exploitation affecting data integrity and system security.

Weaknesses (CWE)

CWE-20Improper Input ValidationCWE-502Deserialization of Untrusted DataCWE-674Uncontrolled RecursionCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-611Improper Restriction of XML External Entity ReferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-190Integer Overflow or WraparoundCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-125Out-of-bounds ReadCWE-284Improper Access Control

Risk Scores

CVSS 3.1
5.3/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›