CVE Alert: CVE-2025-62290 – Oracle Corporation – Oracle ZFS Storage Appliance Kit

CVE-2025-62290

HIGH · No exploitation known

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVSS v3.1 (7.2): AV NETWORK · AC LOW · PR HIGH · UI NONE · S UNCHANGED
Vendor: Oracle Corporation
Product: Oracle ZFS Storage Appliance Kit
Versions: 8.8
CWE: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit.
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Published: 2025-10-21T20:03:16.439Z
Updated: 2025-10-21T20:03:16.439Z

AI Summary Analysis

Risk verdict

High risk to critical storage infrastructure; act quickly, as exploitation is network-based and could lead to complete takeover, although it requires high attacker privileges.

Why this matters

The flaw affects Oracle ZFS Storage Appliance Kit 8.8 and could allow an attacker with remote access to compromise the appliance, with impact on confidentiality, integrity and availability. In practice, an adversary with elevated admin rights could exfiltrate or alter data, disrupt storage services, or pivot to connected systems.

Most likely attack path

Exploitation would occur over HTTP against the management surface. No user interaction is required, but the attacker needs high privileges: existing admin-level credentials or an already privileged foothold. From there the attacker could take over the device and potentially gain lateral access to linked storage resources.

Who is most exposed

Deployments with internet-facing or broadly routable management interfaces, or poorly segmented data-centre networks, are most at risk. Environments using Oracle ZFS Storage Appliance Kit in on-premises data paths without strict access controls or MFA are particularly vulnerable.

Detection ideas

  • Anomalous admin API/auth activity from unusual IPs or times.
  • Privilege-escalation or configuration-change events on the appliance’s Block Storage component.
  • Repeated HTTP management requests without legitimate user interaction.
  • Sudden changes to access controls, volumes, or backups.
  • Correlated alerts from network and security logs around the management port.

Mitigation and prioritisation

  • Apply vendor advisory promptly; upgrade to supported version per Oracle guidance.
  • Restrict management interfaces to trusted networks (VPN/MPLS); disable or tightly control HTTP management where possible.
  • Enforce strong authentication and least-privilege RBAC for admin accounts; enable MFA if available.
  • Implement network segmentation, firewall rules, and monitoring specific to management endpoints.
  • Plan for patch deployment with rollback and verify backups before change windows. Treat as priority once remediation timing is confirmed by Oracle guidance.
