Analysis Summary

CVE-2025-30719 CVSS:6.1

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data.

CVE-2025-30720 CVSS:6.1

A vulnerability exists in Oracle Configurator within Oracle E-Business Suite. An unauthenticated attacker with network access via HTTP can compromise Oracle Configurator. The vulnerability requires human interaction from someone other than the attacker. Successful attacks can lead to unauthorized update, insert, or delete access to some Oracle Configurator data, as well as unauthorized read access to a subset of its data. The vulnerability is in Oracle Configurator, attacks may significantly impact additional products, potentially expanding the scope of the security risk.

CVE-2025-30721 CVSS:4

A vulnerability exists in Oracle MySQL Server product, specifically in the Server: UDF component. This issue affects MySQL. The vulnerability is difficult to exploit and requires a high-privileged attacker with infrastructure access to MySQL Server. Successful attacks need human interaction from someone other than the attacker. If exploited, this vulnerability can allow an unauthorized ability to cause a hang or frequent crash of MySQL Server, resulting in a denial-of-service condition.

CVE-2025-30723 CVSS:5.4

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle BI Publisher.

CVE-2025-30722 CVSS:5.3

A vulnerability exists in the MySQL Client product for Oracle MySQL. This difficult-to-exploit vulnerability allows a low-privileged attacker with network access via multiple protocols to compromise the MySQL Client. An attacker could potentially gain unauthorized access to critical data or complete access to all MySQL Client accessible data. Additionally, the vulnerability might enable unauthorized update, insert, or delete access to some MySQL Client accessible data.

CVE-2025-30709 CVSS:6.1

A vulnerability exists in Oracle JD Edwards EnterpriseOne Tools Web Runtime SEC component. This easily exploitable issue allows an unauthenticated attacker with network access via HTTP to compromise the product. The vulnerability requires human interaction from someone other than the attacker and can potentially impact additional products beyond JD Edwards EnterpriseOne Tools. Successful attacks could permit unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of the product's data. Attackers can leverage this vulnerability to perform limited but significant data manipulation and access without authentication, with the attack complexity made lower by requiring only user interaction.

CVE-2025-30710 CVSS:4.9

A vulnerability exists in Oracle MySQL Cluster product. This issue allows a high-privileged attacker with network access through multiple protocols to compromise the MySQL Cluster. An attacker can potentially cause a hang or repeatedly crash the MySQL Cluster, resulting in a complete denial of service (DOS). The vulnerability focusing on availability impacts. The CVSS vector indicates a network-based attack with low complexity, requiring high privileges, and with no user interaction, ultimately leading to a high availability impact.

CVE-2025-30711 CVSS:5.4

An Oracle Applications Framework vulnerability exists in Oracle E-Business Suite, specifically in the Attachments and File Upload component. A low-privileged attacker with network access through HTTP can potentially compromise the framework, but successful attacks require human interaction from someone other than the attacker. The vulnerability allows unauthorized update, insert, or delete access to some Oracle Applications Framework data, as well as unauthorized read access to a subset of the framework's data. While the vulnerability is within Oracle Applications Framework, it may significantly impact additional products.

CVE-2025-30713 CVSS:5.4

A vulnerability exists in Oracle PeopleSoft Enterprise HCM Talent Acquisition Manager. This security issue can be easily exploited by a low-privileged attacker with network access through HTTP. The vulnerability requires human interaction from someone other than the attacker. While the flaw is in the Talent Acquisition Manager, successful attacks can impact additional products. An attacker can potentially gain unauthorized update, insert, delete, and read access to some of the product's data. The vulnerability allows an attacker to compromise the system, potentially exposing sensitive information and modifying data within the PeopleSoft Enterprise HCM Talent Acquisition Manager.

CVE-2025-30714 CVSS:4.8

A vulnerability exists in Oracle MySQL's Connector/Python product. The vulnerability is difficult to exploit and requires a low-privileged attacker with network access. An attack needs human interaction from someone other than the attacker. If successful, the vulnerability could allow unauthorized access to critical data or complete access to all MySQL Connectors data. The CVSS Vector details the vulnerability's characteristics, indicating a network-based attack with high complexity, low privileges, and requiring user interaction, ultimately resulting in high confidentiality risks.

CVE-2025-30697 CVSS:5.4

A vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools, specifically within the Panel Processor component. This security issue can be easily exploited by a low-privileged attacker with network access through HTTP. The vulnerability requires human interaction from someone other than the attacker and can potentially impact multiple products beyond PeopleSoft Enterprise PeopleTools. When successfully executed, the attacks can allow unauthorized update, insert, or delete access to certain PeopleSoft Enterprise PeopleTools data, as well as unauthorized read access to a subset of the system's data.

CVE-2025-30698 CVSS:5.6

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition affecting multiple. The vulnerability is located in the 2D component and is considered difficult to exploit. An unauthenticated attacker with network access can potentially compromise the system through multiple protocols. Successful attacks could result in unauthorized data modifications, including update, insert, or delete access to some system data, as well as unauthorized read access to a subset of data. The vulnerability can also enable a partial denial of service. This issue specifically impacts Java deployments running untrusted code in sandboxed Java Web Start applications or applets that rely on the Java sandbox for security. It does not affect server-side Java deployments running trusted code.

CVE-2025-30699 CVSS:4.9

A vulnerability exists in Oracle MySQL Server's Stored Procedure component. A high-privileged attacker with network access can easily compromise the MySQL Server through multiple protocols. The vulnerability can allow an attacker to cause repeated crashes or hang the MySQL Server, resulting in a complete denial of service.

CVE-2025-30700 CVSS:3.5

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data.

CVE-2025-30702 CVSS:5.3

A vulnerability exists in the Fleet Patching and Provisioning component of Oracle Database Server. An unauthenticated attacker with network access via HTTP can easily compromise the component. Successful attacks could allow unauthorized read access to a subset of Fleet Patching and Provisioning data.

Impact

• Gain Access
• Privilege Escalation
• Denial of Service
• Data Manipulation

Indicators of Compromise

CVE

• CVE-2025-30719
• CVE-2025-30720
• CVE-2025-30721
• CVE-2025-30722
• CVE-2025-30723
• CVE-2025-30709
• CVE-2025-30710
• CVE-2025-30711
• CVE-2025-30713
• CVE-2025-30714
• CVE-2025-30697
• CVE-2025-30698
• CVE-2025-30699
• CVE-2025-30700
• CVE-2025-30702

Affected Vendors

Remediation

Refer to Oracle Security Advisory for patch, upgrade, or suggested workaround information.

Oracle Security Advisory