Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
This is a critical unauthenticated remote code execution vulnerability in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0. An attacker with network access via HTTP can completely take over the affected system without any authentication, privileges, or user interaction required. The CVSS score of 9.8 reflects maximum impact across confidentiality, integrity, and availability. There is no evidence of active exploitation (not in CISA KEV), and no proof-of-concept code has been publicly identified in the available intelligence.
Technical ContextAI
The vulnerability exists in the Desktop component of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit, an open source project tool used for designing and visualizing edge cloud infrastructure. The affected product is identified via CPE as cpe:2.3:a:oracle_corporation:oracle_edge_cloud_infrastructure_designer_and_visualisation_toolkit. While the specific CWE classification is not provided, the combination of unauthenticated network access via HTTP and complete system takeover suggests potential issues such as authentication bypass, command injection, or insecure deserialization. The Desktop component suggests this may be a desktop application with web service capabilities or a web-based interface accessible over HTTP.
RemediationAI
Immediately upgrade Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit to a version newer than 0.3.0 that addresses this vulnerability, consulting Oracle's security advisory at https://www.oracle.com/security-alerts/public-vuln-to-advisory-mapping.html for the specific patched version. Until patching is completed, implement network-level compensating controls including restricting HTTP access to the Desktop component to only trusted IP addresses or internal networks, placing the application behind a web application firewall (WAF) with strict input validation rules, and disabling network access entirely if the tool can function in offline mode. Consider disabling the Desktop component or the entire application if it is not actively required for business operations until the patch can be applied.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12665