CVE-2025-50090

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 94.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Applications Framework Oracle E-business Suite

Timeline

PublishedJul 15

Description

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact addition…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5oracle_corporation/oracle_applications_framework12.2.3 — 12.2.14

▶NVDoracle/e-business_suite12.2.3 — 12.2.14

🔴Vulnerability Details

CVEList

CVE-2025-50090: Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization)↗2025-07-15

▶

GHSA

GHSA-h69h-pvj5-jxpp: Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization)↗2025-07-15

▶

📋Vendor Advisories

Oracle

Oracle Oracle E-Business Suite Risk Matrix: Personalization — CVE-2025-50090↗2025-07-15

▶