Severity
5.3 MEDIUM
EPSS
0.0%
top 91.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 15

Description

Vulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulnerability allows low privileged attacker having Authenticated OS User privilege with logon to the infrastructure where JDBC executes to compromise JDBC. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JDBC, attacks may significantly impact additional products (scope change). Successful atta

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 4.0

Affected Packages (2 packages)

NVD: oracle/database_server 23.4-23.8
CVEListV5: oracle_corporation/jdbc 23.4-23.8

Patches

🔴Vulnerability Details

2
CVEList
CVE-2025-50070: Vulnerability in the JDBC component of Oracle Database Server (2025-07-15)
GHSA
GHSA-wg3c-5453-22rh: Vulnerability in the JDBC component of Oracle Database Server (2025-07-15)

📋Vendor Advisories

2
Oracle
Oracle Oracle Database Server Risk Matrix: JDBC — CVE-2025-50070 (2025-07-15)
Microsoft
pinctrl: stm32: check devm_kasprintf() returned value (2024-10-08)
CVE-2025-50070 (MEDIUM CVSS 5.3) | Vulnerability in the JDBC component | cvebase.io