CVE-2025-30728
📊 7.5 HIGH⚡ 0.1%🎯 0 exploits
📅 Published Apr 15, 2025
📋 Status: Analyzed
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | oracle | configurator | ≥ 12.2.3 ∧ ≤ 12.2.14 | Vulnerable | cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 12.2.3 ∧ ≤ 12.2.14
CPE:
cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
7.5 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)15.7th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Apr 15, 2025 (6 months ago)
Last Modified
Apr 21, 2025 (6 months ago)
Security Weaknesses1
CWE-284
References2
NVDpatch