How severe is CVE-2025-21582?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2025-21582?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-21582

MEDIUM Year: 2025

CVSS v3 Score

6.1

Medium

Weakness Type

CWE-863

View all →

Vulnerability Description

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

CVE-2019-11724

MEDIUM

CVSS:6.1(Medium)

Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unneces...

CWE-8632019

CVE-2021-20290

MEDIUM

CVSS:6.1(Medium)

An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw ...

CWE-8632021

CVE-2021-3457

MEDIUM

CVSS:6.1(Medium)

An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This fla...

CWE-8632021

CVE-2022-1132

MEDIUM

CVSS:6.1(Medium)

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

CWE-8632022

CVE-2023-2257

MEDIUM

CVSS:6.1(Medium)

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Busi...

CWE-8632023

CVE-2023-29656

MEDIUM

CVSS:6.1(Medium)

An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the ...

CWE-8632023

CVE-2025-21582

Vulnerability Description

Related Vulnerabilities

CVE-2019-11724

CVE-2021-20290

CVE-2021-3457

CVE-2022-1132

CVE-2023-2257

CVE-2023-29656