CVE-2025-21558
📋 TL;DR
This vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management allows authenticated attackers with low privileges to perform unauthorized data manipulation and read operations via HTTP. It affects web access components in specific versions and requires human interaction from someone other than the attacker to exploit. The vulnerability can impact additional products beyond Primavera P6 when successfully exploited.
💻 Affected Systems
- Oracle Primavera P6 Enterprise Project Portfolio Management
📦 What is this software?
Primavera P6 Enterprise Project Portfolio Management by Oracle
⚠️ Risk & Real-World Impact
Worst Case
Attackers could modify critical project data, insert malicious content, delete important records, and exfiltrate sensitive project information, potentially disrupting enterprise project management operations.
Likely Case
Low-privileged users could escalate their access to modify or view project data they shouldn't have access to, leading to data integrity issues and unauthorized information disclosure.
If Mitigated
With proper access controls and monitoring, impact would be limited to minor data manipulation within the attacker's existing access scope.
🎯 Exploit Status
Requires authenticated access and human interaction from another user. Described as 'easily exploitable' by Oracle.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply patches from Oracle Critical Patch Update Advisory - January 2025
Vendor Advisory: https://www.oracle.com/security-alerts/cpujan2025.html
Restart Required: Yes
Instructions:
1. Review the Oracle Critical Patch Update Advisory for January 2025.
2. Download the appropriate patches for your Primavera P6 version.
3. Apply the patches following Oracle's installation instructions.
4. Restart affected services.
5. Verify that the patch was applied.
🔧 Temporary Workarounds
Network Segmentation
Restrict network access to the Primavera P6 web interface to trusted IP addresses and networks only
Privilege Reduction
Review and minimize low-privilege user accounts and implement the principle of least privilege
🧯 If You Can't Patch
- Implement strict network access controls to limit HTTP access to Primavera P6 web interface
- Enhance monitoring and logging for unauthorized data access and modification attempts
🔍 How to Verify
Check if Vulnerable:
Check Primavera P6 version against affected ranges: 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, or 22.12.1.0
Check Version:
Check Primavera P6 administration console or application logs for version information
Verify Fix Applied:
Verify version is updated beyond affected ranges and check Oracle patch installation logs
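The version check above, as an added example (not part of the advisory or any Oracle tooling): it compares a Primavera P6 version string numerically against the affected ranges listed on this page, so that 20.12.21.5 sorts after 20.12.3.0 as intended (a plain string comparison would get this wrong). It assumes the ranges are inclusive and that anything above the upper bound of a range is outside the affected set, as the "Verify Fix Applied" step states.

```python
# Added example: check a Primavera P6 version against the affected ranges
# listed in this advisory page. Not part of the page or of Oracle's tooling.
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges copied from the "Check if Vulnerable" step (inclusive bounds).
# The third entry is a single affected release, so low == high.
AFFECTED_RANGES = [
    ("20.12.1.0", "20.12.21.5"),
    ("21.12.1.0", "21.12.20.0"),
    ("22.12.1.0", "22.12.1.0"),
]


def parse_version(text: str) -> Version:
    """Parse a dotted version such as '21.12.3.0' into a tuple of ints.

    Raises ValueError for anything that is not purely numeric components, so a
    garbled or truncated version string is never silently treated as safe.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def pad(v: Version, width: int = 4) -> Version:
    """Right-pad with zeros so '21.12' compares as 21.12.0.0."""
    return v + (0,) * (width - len(v))


def affected_range_for(version: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) range containing the version, or None if outside all ranges."""
    v = pad(parse_version(version))
    for low, high in AFFECTED_RANGES:
        # Tuple comparison is element-wise numeric, unlike string comparison.
        if pad(parse_version(low)) <= v <= pad(parse_version(high)):
            return (low, high)
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside any affected range."""
    return affected_range_for(version) is not None


if __name__ == "__main__":
    for sample in ("20.12.21.5", "21.12.3.0", "21.12.20.1", "22.12.1.1"):
        print(sample, "AFFECTED" if is_affected(sample) else "outside affected ranges")
```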
📡 Detection & Monitoring
Log Indicators:
- Unusual data modification patterns
- Multiple failed access attempts followed by successful data operations
- User accounts performing actions outside their normal scope
Network Indicators:
- HTTP requests to Primavera P6 web interface with unusual parameters or patterns
- Traffic from unexpected sources to the application
SIEM Query:
source="primavera_p6" AND (event_type="data_modification" OR event_type="unauthorized_access") AND user_privilege="low"