
CVE-2025-21556

CRITICAL
9.9
CVSS 3.1

Metadata

CVE ID
CVE-2025-21556
State
PUBLISHED
Assigner
oracle
Reserved
2024-12-24 23:18 UTC
Published
2025-01-21 20:53 UTC
Last updated
2026-02-26 19:09 UTC
Primary CWE
CWE-863
CWE-863 Incorrect Authorization
Vendor / Product
Oracle Corporation / Oracle Agile PLM Framework
Sources
cve.org  ·  NVD

Severity & Metrics

9.9 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
total
Affected products (1)
Vendor | Product | Platform | Versions
Oracle Corporation | Oracle Agile PLM Framework | | 9.3.6
Weakness (CWE)
CWE | Source | Description
 | cna | Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework.
CWE-863 | adp | CWE-863 Incorrect Authorization
CVSS scores (1)
Score | Severity | Version | Source | Vector
9.9 | CRITICAL | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H