CVE-2025-53052

CWE-284Improper Access Control5 documents5 sources
Severity
6.1MEDIUM
EPSS
0.0%
top 92.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Oracle WorkflowOracle Workflow
Timeline
PublishedOct 21

Description

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

NVDoracle/workflow12.2.312.2.14
CVEListV5oracle_corporation/oracle_workflow12.2.312.2.14

🔴Vulnerability Details

2
CVEList
CVE-2025-53052: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer)2025-10-21
GHSA
GHSA-4pm2-xpq7-5hv4: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer)2025-10-21

📋Vendor Advisories

2
Oracle
Oracle Oracle E-Business Suite Risk Matrix: Workflow Notification Mailer — CVE-2025-530522025-10-15
Microsoft
io_uring/rw: fix missing NOWAIT check for O_DIRECT start write2024-11-12
CVE-2025-53052 (MEDIUM CVSS 6.1) | Vulnerability in the Oracle Workflo | cvebase.io