CVE-2025-21547

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation without Limits4 documents4 sources
Severity
9.1CRITICAL
EPSS
0.5%
top 34.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle Hospitality Opera 5Oracle Hospitality Opera 5
Timeline
PublishedJan 21

Description

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDoracle/hospitality_opera_54 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-wcg3-v8j6-c8gg: Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)2025-01-21
CVEList
CVE-2025-21547: Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet)2025-01-21

📋Vendor Advisories

1
Oracle
Oracle Oracle Hospitality Applications Risk Matrix: Opera Servlet — CVE-2025-215472025-01-15
CVE-2025-21547 (CRITICAL CVSS 9.1) | Vulnerability in the Oracle Hospita | cvebase.io