CVE-2025-21568 — Incorrect Authorization in Corporation Oracle Hyperion Data Relationship Management

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.5MEDIUMNVD

EPSS

0.3%

top 43.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Hyperion Data Relationship Management Oracle Hyperion Data Relationship Management

Timeline

PublishedJan 21

Description

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The supported version that is affected is 11.2.19.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶NVDoracle/hyperion_data_relationship_management11.2.19.0.000

▶CVEListV5oracle_corporation/oracle_hyperion_data_relationship_management11.2.19.0.000

🔴Vulnerability Details

CVEList

CVE-2025-21568: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security)↗2025-01-21

▶

GHSA

GHSA-3647-958p-fpph: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security)↗2025-01-21

▶

📋Vendor Advisories

Oracle

Oracle Oracle Hyperion Risk Matrix: Access and Security — CVE-2025-21568↗2025-01-15

▶