OSA-38470372 — Vulnetix

OSA-38470372 PUBLISHED CVSS 9.800000190734863 CRITICAL

Vulnerability in the Oracle AutoVue Office product of Oracle Supply Chain (component: Security (OpenJPEG)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue Office. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue Office. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Jan 20, 2026 CVE Published

References

Oracle CPU cpujan2026 — CVE-2025-54874 advisory

Open in Interactive Console →