CVE Alert: CVE-2025-61763 – Oracle Corporation – Oracle Essbase
CVE-2025-61763
Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
AI Summary Analysis
Risk verdict: High. CVSS 3.1 base score 8.1; reachable over the network via HTTP, needs only a low-privileged account and no user interaction, and hits both confidentiality and integrity. Treat as urgent unless the KEV/SSVC exploitation state says otherwise.
Why this matters: The vulnerability allows modification or deletion of critical data without user interaction, risking data integrity and confidentiality across Oracle Essbase environments. Attackers could leverage these capabilities to exfiltrate or corrupt finance or planning data, disrupt reporting, and undermine trust in decision-making processes.
Most likely attack path: An authenticated but low-privileged Essbase user, or an attacker who has obtained such an account's credentials, sends crafted HTTP requests to the Essbase Web Platform; no victim interaction is required. The advisory does not describe the underlying flaw, so the exact request is unknown, but the scope-unchanged rating means the impact stays within Essbase, where it extends to reading, creating, modifying or deleting any data the server can access.
Who is most exposed: Organisations running Oracle Essbase in on-premises or hybrid deployments with HTTP exposure to the Web Platform are most at risk, particularly where Essbase is accessible from broader enterprise networks or cloud-connected dashboards.
Detection ideas:
- Unusual HTTP requests targeting the Essbase Web Platform, especially near authentication or data-modification endpoints.
- Sudden spikes in data changes or export operations outside normal business hours.
- Repeated authentication failures, or low-privileged accounts suddenly reaching administrative or data-modification endpoints they have not used before, especially from unfamiliar source IPs.
- Anomalous authentication events or session anomalies for Essbase users.
- Essbase audit or access logs showing create, delete or modify actions by accounts that are expected only to read.
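The log-based ideas above, run over a handful of constructed access-log lines. This is an added example, not code from the original alert or from Oracle. It assumes a reverse proxy in front of the Essbase Web Platform writes combined-format access logs with the authenticated user in the third field and that platform requests share the `/essbase/` URL prefix; the sample lines, their paths, and the thresholds (`WRITE_BURST`, `AUTH_FAIL_BURST`, business hours 07:00-18:59) are illustrative assumptions, not values taken from a real deployment or from Essbase documentation.

```python
"""Run the alert's log-based detection ideas over constructed access-log lines.

Added example; not code from the original alert or from Oracle. Assumptions:
a reverse proxy in front of the Essbase Web Platform writes combined-format
access logs with the authenticated user in the third field, and requests to
the platform share the path prefix ESSBASE_PREFIX. The sample log, its paths
and the thresholds are constructed for illustration.
"""
import re
from collections import Counter
from datetime import datetime
from typing import Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
ESSBASE_PREFIX = "/essbase/"      # assumed URL prefix of the Web Platform
BUSINESS_HOURS = range(7, 19)     # 07:00-18:59 in the log's own timezone is "normal"
WRITE_BURST = 5                   # writes by one user per batch that count as a spike
AUTH_FAIL_BURST = 3               # 401/403 responses to one IP per batch

# Constructed sample: a normal analyst session, three auth failures from an
# external address, then a 02:00 run of data-modifying calls by a service account.
SAMPLE_LOG = """\
10.0.4.21 - jdoe [10/Nov/2025:09:15:02 +0000] "GET /essbase/rest/v1/applications HTTP/1.1" 200 1820
10.0.4.21 - jdoe [10/Nov/2025:09:16:40 +0000] "GET /essbase/rest/v1/applications/Sample/databases HTTP/1.1" 200 944
203.0.113.77 - - [10/Nov/2025:02:10:11 +0000] "GET /essbase/rest/v1/applications HTTP/1.1" 401 0
203.0.113.77 - - [10/Nov/2025:02:10:13 +0000] "GET /essbase/rest/v1/applications HTTP/1.1" 401 0
203.0.113.77 - - [10/Nov/2025:02:10:16 +0000] "GET /essbase/rest/v1/applications HTTP/1.1" 403 0
203.0.113.77 - svc_report [10/Nov/2025:02:14:07 +0000] "DELETE /essbase/rest/v1/applications/Sample/databases/Basic HTTP/1.1" 200 0
203.0.113.77 - svc_report [10/Nov/2025:02:14:09 +0000] "PUT /essbase/rest/v1/applications/Sample/databases/Basic/data HTTP/1.1" 200 0
203.0.113.77 - svc_report [10/Nov/2025:02:14:12 +0000] "POST /essbase/rest/v1/applications/Sample/databases/Basic/scripts HTTP/1.1" 200 0
203.0.113.77 - svc_report [10/Nov/2025:02:14:15 +0000] "PATCH /essbase/rest/v1/applications/Sample/databases/Basic/settings HTTP/1.1" 200 0
203.0.113.77 - svc_report [10/Nov/2025:02:14:20 +0000] "POST /essbase/rest/v1/applications/Sample/databases/Basic/data HTTP/1.1" 200 0
10.0.4.22 - - [10/Nov/2025:11:00:00 +0000] "GET /healthz HTTP/1.1" 200 2
this line is not an access-log record and must be skipped
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format line; return None for anything malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect(lines) -> list:
    """Return one alert string per finding for the three ideas from the text:
    after-hours data modification, a spike of writes by one account, and
    repeated authentication failures from one source IP. Counts are per
    batch of lines; a production rule would use a sliding time window."""
    alerts = []
    writes_by_user = Counter()
    auth_failures_by_ip = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(ESSBASE_PREFIX):
            continue
        if rec["status"] in (401, 403):
            auth_failures_by_ip[rec["ip"]] += 1
        elif rec["method"] in WRITE_METHODS and rec["status"] < 400:
            writes_by_user[rec["user"]] += 1
            if rec["ts"].hour not in BUSINESS_HOURS:
                alerts.append(
                    f"after-hours write: {rec['user']} {rec['method']} "
                    f"{rec['path']} at {rec['ts']:%H:%M} from {rec['ip']}"
                )
    for user, count in writes_by_user.items():
        if count >= WRITE_BURST:
            alerts.append(f"write burst: {user} made {count} modifying requests in this batch")
    for ip, count in auth_failures_by_ip.items():
        if count >= AUTH_FAIL_BURST:
            alerts.append(f"auth failures: {ip} received {count} 401/403 responses")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Because PR:L means the attacker already holds a valid low-privileged login, the authentication-failure rule on its own will miss the actual exploitation; the after-hours and write-burst rules key on what the account then does, which is why the three are combined rather than used alone.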
Mitigation and prioritisation:
- Apply the Oracle Essbase fix from the October 2025 Critical Patch Update and follow the vendor advisory; 21.7.3.0.0 is the affected supported version.
- Restrict network exposure of the Essbase Web Platform (IP allowlists, TLS only, strong authentication or SSO) and front it with a Web Application Firewall.
- Enforce least privilege: because any low-privileged account is enough to exploit this, review and prune the set of accounts that can reach the Web Platform at all, and remove stale or shared service accounts.
- Enable targeted logging, real-time alerts for critical data changes, and regular integrity checks.
- Plan patching in a controlled change window with test validation; verify backup readiness.
- If the CVE is listed in CISA KEV or its EPSS score is 0.5 or higher, treat it as priority 1.