How severe is CVE-2025-21558?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2025-21558?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-21558

MEDIUM Year: 2025

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVE-2017-2599

MEDIUM

CVSS:5.4(Medium)

Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficient permission check. This allows users with permissions to create new items (e.g. jobs) to overwrite existing items they don't hav...

CWE-8632017

CVE-2018-1000106

MEDIUM

CVSS:5.4(Medium)

An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall...

CWE-8632018

CVE-2018-10212

MEDIUM

CVSS:5.4(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value.

CWE-8632018

CVE-2020-1725

MEDIUM

CVSS:5.4(Medium)

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access tok...

CWE-8632020

CVE-2020-26555

MEDIUM

CVSS:5.4(Medium)

Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing withou...

CWE-8632020

CVE-2020-4794

MEDIUM

CVSS:5.4(Medium)

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensit...

CWE-8632020

CVE-2025-21558

Vulnerability Description

Related Vulnerabilities

CVE-2017-2599

CVE-2018-1000106

CVE-2018-10212

CVE-2020-1725

CVE-2020-26555

CVE-2020-4794