How severe is CVE-2025-21553?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2025-21553?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-21553

MEDIUM Year: 2025

CVSS v3 Score

4.2

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).

CVE-2017-8196

MEDIUM

CVSS:4.2(Medium)

FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby queryin...

CWE-8632017

CVE-2018-0803

MEDIUM

CVSS:4.2(Medium)

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Micr...

CWE-8632018

CVE-2020-15248

MEDIUM

CVSS:4.2(Medium)

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" ...

CWE-8632020

CVE-2021-33881

MEDIUM

CVSS:4.2(Medium)

On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends ...

CWE-8632021

CVE-2024-23823

MEDIUM

CVSS:4.2(Medium)

vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on C...

CWE-8632024

CVE-2024-7096

MEDIUM

CVSS:4.2(Medium)

A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions on...

CWE-8632024

CVE-2025-21553

Vulnerability Description

Related Vulnerabilities

CVE-2017-8196

CVE-2018-0803

CVE-2020-15248

CVE-2021-33881

CVE-2024-23823

CVE-2024-7096