CVE-2025-53037
published 2025-10-21

Priority: P262 · Severity: critical · Base score: 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% (34.2nd percentile)
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected

6 ranges. Version ranges and fix versions are not listed on this page; per the advisory text above the affected supported versions are 8.0.7.9, 8.0.8.7 and 8.1.2.5.

Vendor             | Product                                                    | Version range | Fixed in
oracle             | financial_services_analytical_applications_infrastructure  |               |
oracle             | financial_services_analytical_applications_infrastructure  |               |
oracle             | financial_services_analytical_applications_infrastructure  |               |
oracle_corporation | oracle_financial_services_analytical_applications_infrastructure |          |
oracle_corporation | oracle_financial_services_analytical_applications_infrastructure |          |
oracle_corporation | oracle_financial_services_analytical_applications_infrastructure |          |

Detection & IOCs (extracted from sources)

  • CVE-2025-53037 is reachable over HTTP against the OFSAAI Platform component: monitor for unauthenticated HTTP requests to OFSAAI Platform endpoints from external or otherwise untrusted networks, especially requests followed by unexpected process execution or session establishment on the host.
  • Prioritize inventory, detection and patching on OFSAAI versions 8.0.7.9, 8.0.8.7 and 8.1.2.5, the versions the advisory confirms as affected. Flag any instance of these versions whose HTTP service is exposed beyond a trusted network.
  • The vector (AV:N/AC:L/PR:N/UI:N) means no credentials and no user interaction are needed, and successful exploitation results in full takeover of the OFSAAI instance (C/I/A all HIGH). Treat anomalous unauthenticated activity against OFSAAI Platform HTTP services as high priority.
  • No technical details, PoC, payload signatures or specific vulnerable endpoint paths have been publicly disclosed for CVE-2025-53037 at this time. Detection must rely on version- and behaviour-based indicators until further details are released.
  • The advisory is part of Oracle's October 2025 Critical Patch Update. Refer to Oracle's official advisory (cpuoct2025) for patch availability and any updated technical details as they are released.

CVSS provenance

NVD: v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor (Oracle): 9.8 CRITICAL