CVE-2025-50061

CWE-269 — Improper Privilege Management CWE-416 — Use After Free7 documents6 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 84.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Primavera P6 Enterprise Project Portfolio Management Oracle Primavera P6 Enterprise Project Portfolio Management

Timeline

PublishedJul 15

Latest updateDec 4

Description

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13 and 24.12.0-24.12.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person o…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDoracle/primavera_p6_enterprise_project_portfolio_management20.12.0 — 20.12.21+4

▶CVEListV5oracle_corporation/primavera_p6_enterprise_project_portfolio_management20.12.0 — 20.12.21+4

Patches

Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2025-12-04

▶

OSV

linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities↗2025-11-19

▶

CVEList

CVE-2025-50061: Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access)↗2025-07-15

▶

GHSA

GHSA-v4g7-2hmc-m6r3: Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access)↗2025-07-15

▶

📋Vendor Advisories

Oracle

Oracle Oracle Construction and Engineering Risk Matrix: Web Access — CVE-2025-50061↗2025-07-15

▶

Microsoft

i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition↗2024-10-08

▶