CVE-2025-53049

⚠️ high

Summary

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business I

Description

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H).

CVSS Score

8.4

High

EPSS Score

0.1

Exploit Probability

Published Date

2025-10-21

First Seen: 2026-01-05

Last Modified 2025-10-23

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE IDs (Weakness Types)

CWE-284

🔗 References 1

https://www.oracle.com/security-alerts/cpuoct2025.html

Vendor Advisory

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
oracle	business_intelligence	Affected	v7.6.0.0.0
oracle	business_intelligence	Affected	v8.2.0.0.0

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-21976	⚠️ high	7.1	0.0	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Oracle Anal...	2026-01-20
CVE-2025-30759	🔶 medium	6.1	0.0	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Platform Se...	2025-07-15
CVE-2024-21139	🔶 medium	5.4	0.2	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics W...	2024-07-16
CVE-2024-21001	🔶 medium	5.4	0.4	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform...	2024-04-16
CVE-2024-21064	🔶 medium	5.4	0.2	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics W...	2024-04-16
CVE-2024-21099	🔶 medium	4.3	0.3	Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visual...	2024-04-16

These CVEs affect the same products