How severe is CVE-2025-21541?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-21541?

This is classified as CWE-281, which is a common weakness in software security.

CVE-2025-21541 - MEDIUM Severity | CVSS 5.4

Vulnerability Description

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Related Vulnerabilities

CVE-2021-21379

MEDIUM

CVSS:5.4(Medium)

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with th...

CWE-2812021

CVE-2023-45807

MEDIUM

CVSS:5.4(Medium)

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch...

CWE-2812023

CVE-2023-49932

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions.

CWE-2812023

CVE-2024-22402

MEDIUM

CVSS:5.4(Medium)

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to...

CWE-2812024

CVE-2025-21544

MEDIUM

CVSS:5.4(Medium)

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7...

CWE-2812025

CVE-2020-16910

MEDIUM

CVSS:5.5(Medium)

<p>A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firm...

CWE-2812020