Common Applications
CVE-2025-30716
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
AnalysisAI
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Affected products include: Oracle Common Applications.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
More in Common Applications
View allVulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Gantt Server). Rated
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). R
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Rated
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Rat
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). R
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Frame
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Frame
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Frame
Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Frame
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today