CVE-2025-21524
published 2025-01-21

Priority: P2 (61)
Severity: critical, CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74% (49.9th percentile)
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected (2 ranges)

Vendor              Product                          Version range     Fixed in
oracle              jd_edwards_enterpriseone_tools   < 9.2.9.0         9.2.9.0
oracle_corporation  jd_edwards_enterpriseone_tools   >= * < 9.2.9.0    9.2.9.0

Detection & IOCs (extracted from sources)

  • The vulnerability affects JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0, exploitable over HTTP by an unauthenticated remote attacker targeting the Monitoring and Diagnostics SEC component. Detection should focus on anomalous unauthenticated HTTP requests to JD Edwards EnterpriseOne Tools Monitoring and Diagnostics endpoints.
  • Monitor for successful exploitation indicators such as unexpected process execution, privilege escalation, or full system takeover originating from the JD Edwards EnterpriseOne Tools service, consistent with a CVSS 9.8 unauthenticated network attack.
  • Only JD Edwards EnterpriseOne Tools versions prior to 9.2.9.0 are affected. Patching to 9.2.9.0 or later remediates the vulnerability.
  • The vulnerability is exploitable with no authentication and no user interaction required (PR:N/UI:N), meaning any network-accessible JD Edwards instance is at risk without additional access controls.
  • The affected component is specifically the Monitoring and Diagnostics SEC subcomponent of JD Edwards EnterpriseOne Tools, communicated via HTTP. Network segmentation or firewall rules restricting HTTP access to this component can reduce exposure.

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            3.1           9.8    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_oracle  -             9.8    CRITICAL  -