CVE-2025-21569

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

6.6MEDIUM

EPSS

0.6%

top 31.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Hyperion Data Relationship Management Oracle Hyperion Data Relationship Management

Timeline

PublishedJan 21

Description

Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services). The supported version that is affected is 11.2.19.0.000. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Data Relationship Management. Successful attacks of this vulnerability can result in takeover of Oracle Hyperion Data Relationship Management. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity an…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDoracle/hyperion_data_relationship_management11.2.19.0.000

▶CVEListV5oracle_corporation/oracle_hyperion_data_relationship_management11.2.19.0.000

🔴Vulnerability Details

GHSA

GHSA-5fj8-p786-m6j9: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services)↗2025-01-21

▶

CVEList

CVE-2025-21569: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Web Services)↗2025-01-21

▶

📋Vendor Advisories

Oracle

Oracle Oracle Hyperion Risk Matrix: Web Services — CVE-2025-21569↗2025-01-15

▶