CVE-2025-21578
MEDIUM
Oracle Secure Backup - Incorrect Permission Assignment
Title source: ruleDescription
Vulnerability in Oracle Secure Backup (component: General). Supported versions that are affected are 12.1.0.1, 12.1.0.2, 12.1.0.3, 18.1.0.0, 18.1.0.1 and 18.1.0.2. This easily exploitable vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle Secure Backup executes to compromise Oracle Secure Backup. Successful attacks of this vulnerability can result in takeover of Oracle Secure Backup. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Scores
CVSS v3
6.7
EPSS
0.0012
EPSS Percentile
30.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-732
Status
published
Products (6)
oracle/secure_backup 12.1.0.1
oracle/secure_backup 12.1.0.2
oracle/secure_backup 12.1.0.3
oracle/secure_backup 18.1.0.0
oracle/secure_backup 18.1.0.1
oracle/secure_backup 18.1.0.2
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026