How severe is CVE-2025-21527?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2025-21527?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2025-21527

MEDIUM Year: 2025

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-862

View all →

Vulnerability Description

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Design Tools SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVE-2020-10746

MEDIUM

CVSS:6.1(Medium)

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to ...

CWE-8622020

CVE-2021-20733

MEDIUM

CVSS:6.1(Medium)

Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitr...

CWE-8622021

CVE-2021-20834

MEDIUM

CVSS:6.1(Medium)

Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a ...

CWE-8622021

CVE-2021-24977

MEDIUM

CVSS:6.1(Medium)

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to sent arbitrary CSS which will then...

CWE-8622021

CVE-2022-2543

MEDIUM

CVSS:6.1(Medium)

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and ...

CWE-8622022

CVE-2023-39507

MEDIUM

CVSS:6.1(Medium)

Improper authorization in the custom URL scheme handler in "Rikunabi NEXT" App for Android prior to ver. 11.5.0 allows a malicious intent to lead the vulnerable App to access an arbitrary website.

CWE-8622023

CVE-2025-21527

Vulnerability Description

Related Vulnerabilities

CVE-2020-10746

CVE-2021-20733

CVE-2021-20834

CVE-2021-24977

CVE-2022-2543

CVE-2023-39507