CVE-2025-53037
Published 2025-10-21. CVE-2025-53037: Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform)…
Priority: P2 (62) · Critical · CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% (34.2th percentile)
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in takeover of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle_corporation | oracle_financial_services_analytical_applications_infrastructure | — | — |
Version ranges and fix versions were not extracted for this record; the affected supported versions named in the description are 8.0.7.9, 8.0.8.7 and 8.1.2.5.
Detection & IOCs (extracted from sources)
- CVE-2025-53037 targets Oracle Financial Services Analytical Applications Infrastructure (OFSAAI) via HTTP: monitor for unauthenticated HTTP requests to OFSAAI Platform endpoints from external or untrusted network sources, especially those resulting in unexpected code execution or session establishment.
- Prioritize detection and patching on OFSAAI versions 8.0.7.9, 8.0.8.7 and 8.1.2.5; these are the confirmed affected versions. Inventory and flag any exposed instances of these specific versions.
- Given the CVSS 9.8 score with no authentication, no user interaction and a network vector, treat any anomalous unauthenticated activity against OFSAAI Platform HTTP services as high priority: successful exploitation leads to full system takeover (C/I/A all HIGH).
- No technical details, PoC, payload signatures or specific vulnerable endpoint paths have been publicly disclosed for CVE-2025-53037 at this time. Detection must rely on behavioral and version-based indicators until further details are released.
- The advisory is part of Oracle's October 2025 CPU. Refer to Oracle's official advisory (cpuoct2025) for patch availability and any updated technical details as they are released.
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Vendor (Oracle): 9.8 CRITICAL
Oracle
Oracle Financial Services Applications Risk Matrix: Platform — CVE-2025-53037
vendor_oracle · 2025-10-15 · CVSS 9.8
CVE: CVE-2025-53037
Severity: CRITICAL
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Attack vector: Network
Advisory: cpuoct2025 (OCT 2025)
GHSA
GHSA-6ch6-9f47-4373 · ghsa_unreviewed · 2025-10-21
CVE-2025-53037 [CRITICAL] · CWE-306
The GHSA advisory text is the same description as given above: a vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform), affecting supported versions 8.0.7.9, 8.0.8.7 and 8.1.2.5, exploitable by an unauthenticated attacker with network access via HTTP, with a CVSS 3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
No detection rules found.
No public exploits indexed.
Qualys
Oracle Critical Patch Update, October 2025 Security Update Review
blogs_qualys · 2025-10-23
## Table of Contents
- Qualys QID Coverage
- Notable Oracle Vulnerabilities Patched
Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 374 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 73, constituting about 19% of the total patches released. Oracle Communications Applications and Oracle Financial Services Applications followed, with 64 and 33 security patches.
298 of the 374 security patches provided by the October Critical Patch Update (