CVE-2025-21532

Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujan2025.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-21 21:15

Updated : 2025-07-02 16:33

NVD link : CVE-2025-21532

Mitre link : CVE-2025-21532

CVE.ORG link : CVE-2025-21532

JSON object : View

Products Affected

oracle

analytics_desktop

CWE

CWE-276

Incorrect Default Permissions

{"id": "CVE-2025-21532", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-21T21:15:19.107", "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2025.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-276"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Analytics Desktop product of Oracle Analytics (component: Install). Supported versions that are affected are Prior to 8.1.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Analytics Desktop executes to compromise Oracle Analytics Desktop. Successful attacks of this vulnerability can result in takeover of Oracle Analytics Desktop. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Analytics Desktop de Oracle Analytics (componente: Instalaci\u00f3n). Las versiones compatibles afectadas son anteriores a la 8.1.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con pocos privilegios que inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Analytics Desktop ponga en peligro Oracle Analytics Desktop. Los ataques exitosos de esta vulnerabilidad pueden provocar la toma de control de Oracle Analytics Desktop. Puntuaci\u00f3n base CVSS 3.1: 7,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."}], "lastModified": "2025-07-02T16:33:48.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:analytics_desktop:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DD65911-95F0-4859-9435-8CB7CC7AA918", "versionEndExcluding": "8.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}