Severity
Medium
Analysis Summary
CVE-2025-30691 CVSS:4.8
An unspecified vulnerability in Oracle Java SE related to the Compiler component could allow a remote attacker to cause low confidentiality and low integrity impact.
CVE-2025-30692 CVSS:6.5
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupplier Portal accessible data.
CVE-2025-30694 CVSS:5.4
Vulnerability in the XML Database component of Oracle Database Server. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of XML Database accessible data as well as unauthorized read access to a subset of XML Database accessible data.
CVE-2025-21586 CVSS:5.4
Oracle JD Edwards EnterpriseOne Tools product has a vulnerability in its Web Runtime SEC component. The issue is easily exploitable by a low-privileged attacker with network access via HTTP. Successful attacks require human interaction from someone other than the attacker. While the vulnerability is in JD Edwards EnterpriseOne Tools, it can significantly impact other products. An attacker can potentially gain unauthorized update, insert, delete, and read access to certain JD Edwards EnterpriseOne Tools data.
CVE-2025-21588 CVSS:4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21579 CVSS:4.9
A vulnerability exists in Oracle MySQL Server. The vulnerability impacts the Server: Options component and can be easily exploited by a high-privileged attacker with network access through multiple protocols. An attacker can potentially cause a hang or frequent crash of the MySQL Server, resulting in a complete denial of service (DOS).
CVE-2025-21580 CVSS:4.9
A vulnerability exists in Oracle MySQL Server. This security issue impacts the Server: DML component and is considered easily exploitable. A high-privileged attacker with network access through multiple protocols can potentially compromise the MySQL Server. If successfully attacked, the vulnerability could allow an unauthorized ability to cause a hang or frequently repeatable crash, effectively creating a complete denial of service (DOS) condition.
CVE-2025-21581 CVSS:4.9
A vulnerability exists in Oracle MySQL Server. The issue is located in the Server: Optimizer component and can be easily exploited by a high-privileged attacker with network access through multiple protocols. An attacker can potentially cause a hang or frequent crash of the MySQL Server, resulting in a complete denial of service (DOS).
CVE-2025-21582 CVSS:6.1
Oracle CRM Technical Foundation in Oracle E-Business Suite has a vulnerability. An unauthenticated attacker with network access via HTTP can compromise the product. The vulnerability requires human interaction from someone other than the attacker. Successful attacks could allow unauthorized update, insert, or delete access to some Oracle CRM Technical Foundation data, as well as unauthorized read access to a subset of the product's data.
CVE-2025-21583 CVSS:4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVE-2025-21584 CVSS:4.9
A vulnerability exists in Oracle MySQL Server. This security issue is located in the Server: DDL component and can be easily exploited by a high-privileged attacker with network access through multiple protocols. An attacker can potentially cause a hang or frequently repeatable crash of the MySQL Server, resulting in a complete denial of service.
Impact
- Unauthorized Access
- Privilege Escalation
- Data Manipulation
- Denial of Service
Indicators of Compromise
CVE
- CVE-2025-30691
- CVE-2025-30692
- CVE-2025-30694
- CVE-2025-21586
- CVE-2025-21588
- CVE-2025-21579
- CVE-2025-21580
- CVE-2025-21581
- CVE-2025-21582
- CVE-2025-21583
- CVE-2025-21584
Affected Vendors
- Oracle
Affected Products
- Oracle JD Edwards EnterpriseOne Tools - 9.2.0.0 - 9.2.9.2
- Oracle MySQL Server - 8.0.0 - 8.0.41
- Oracle MySQL Server - 8.4.0 - 8.4.4
- Oracle MySQL Server - 9.0.0 - 9.2.0
- Oracle Java SE - 21.0.6 - 24
- Oracle iSupplier Portal - 12.2.7 - 12.2.14
- Oracle XML Database - 19.3 - 19.26
Remediation
Refer to the Oracle Security Advisory for patch, upgrade, or suggested workaround information.