CVE-2025-53041

CWE-284 — Improper Access Control4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.0%

top 92.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Istore Oracle Istore

Timeline

PublishedOct 21

Description

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDoracle/istore12.2.5 — 12.2.14

▶CVEListV5oracle_corporation/oracle_istore12.2.5 — 12.2.14

🔴Vulnerability Details

CVEList

CVE-2025-53041: Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart)↗2025-10-21

▶

GHSA

GHSA-xfgq-68j6-xmxv: Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart)↗2025-10-21

▶

📋Vendor Advisories

Oracle

Oracle Oracle E-Business Suite Risk Matrix: Shopping Cart — CVE-2025-53041↗2025-10-15

▶