CVE Alert: CVE-2025-61751 – Oracle Corporation – Oracle Financial Services Analytical Applications Infrastructure

CVE-2025-61751

HIGH · No exploitation known

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS v3.1 (8.1): AV NETWORK · AC LOW · PR LOW · UI NONE · S UNCHANGED
Vendor: Oracle Corporation
Product: Oracle Financial Services Analytical Applications Infrastructure
Versions: 8.0.7.9 | 8.0.8.7 | 8.1.2.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Published: 2025-10-21T20:03:09.198Z
Updated: 2025-10-21T20:03:09.198Z

AI Summary Analysis

Risk verdict

Why this matters

Most likely attack path

Who is most exposed

Detection ideas

  • Unusual or high-volume HTTP requests targeting FSAAI endpoints.
  • Unexpected data access, export, or modification of critical FSAAI datasets.
  • Authentication anomalies or privilege-escalation attempts against FSAAI services.
  • Anomalous administrative activity or configuration changes in the Platform component.
  • Gaps in monitoring/logging around data-modification events.

Mitigation and prioritisation

  • Apply Oracle patches/updates to fixed versions per the vendor advisory; verify applicability and test in staging.
  • Tighten network controls: restrict HTTP access to FSAAI, implement allowlists and strong segmentation; enable WAF rules for this component.
  • Enforce least privilege and monitor for anomalous privilege use; rotate credentials if needed.
  • Enhance logging, alerting and regular integrity checks for critical FSAAI data; implement baseline comparisons.
  • Schedule a change window for patch rollout and validate post-deployment functionality.
