CVE-2025-30733
MEDIUMOracle RDBMS Listener 19.3-19.26, 21.3-21.17, 23.4-23.7 - Unauthenticated Improper Authentication via Oracle Net
Title source: llmDescription
Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise RDBMS Listener. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).
References (2)
Core 2
Core References
Various Sources
https://driftnet.io/blog/oracle-tns-memory-leak
Patch, Vendor Advisory vendor-advisory
https://www.oracle.com/security-alerts/cpuapr2025.html
Scores
CVSS v3
6.5
EPSS
0.0068
EPSS Percentile
71.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (1)
oracle/rdbms_listener
19.3 - 19.26
Published
Apr 15, 2025
Tracked Since
Feb 18, 2026