CVE-2025-30718

5.4 MEDIUM

📋 TL;DR

This vulnerability in Oracle E-Business Suite's Applications Framework allows authenticated attackers with low privileges to upload malicious files via HTTP, potentially leading to unauthorized data modification and limited data exposure. It affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. Attackers need network access and valid low-privilege credentials to exploit this flaw.

💻 Affected Systems

Products:
  • Oracle E-Business Suite
Versions: 12.2.3 through 12.2.14
Operating Systems: All platforms running Oracle E-Business Suite
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Oracle Applications Framework component with Attachments/File Upload functionality enabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could upload malicious files that compromise the application server, potentially leading to data corruption, unauthorized data access, or serving as an initial foothold for further attacks.

🟠 Likely Case

Attackers with valid credentials upload files to manipulate application data, potentially altering business records or accessing sensitive information they shouldn't have permission to view.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to minor data integrity issues that can be detected and rolled back.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with low privileges, making it accessible to insiders or to attackers who have compromised valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply Oracle Critical Patch Update for April 2025 or later

Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2025.html

Restart Required: Yes

Instructions:

1. Download the appropriate patch from Oracle Support.
2. Apply the patch following Oracle's patching procedures.
3. Restart affected Oracle E-Business Suite services.
4. Test functionality to ensure no regression.

🔧 Temporary Workarounds

Restrict File Upload Permissions

all

Temporarily restrict file upload capabilities to only essential users until patching can be completed

Implement WAF Rules

all

Configure web application firewall to block suspicious file upload patterns and validate file types

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can upload files
  • Enable detailed logging and monitoring of all file upload activities

🔍 How to Verify

Check if Vulnerable:

Check the Oracle E-Business Suite version and compare it against the affected range 12.2.3 through 12.2.14.

Check Version:

SELECT RELEASE_NAME FROM FND_PRODUCT_GROUPS;

Verify Fix Applied:

Verify the patch application through Oracle's patch verification tools and confirm the version is no longer in the vulnerable range.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload patterns
  • Multiple failed upload attempts
  • Uploads from unexpected user accounts

Network Indicators:

  • HTTP POST requests to file upload endpoints with unusual payloads
  • Traffic patterns indicating file upload exploitation

SIEM Query:

source="oracle-ebs" AND (event_type="file_upload" OR uri_path="*upload*") AND (file_type NOT IN ("pdf","doc","xls") OR file_size>10000000)
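As an added example that is not part of this advisory, the SIEM query and the log indicators above expressed as a small detector over constructed JSON-lines events: it applies the query's file-type allowlist and 10 MB threshold, flags uploads from accounts outside an assumed allowlist, and counts failed uploads per account. The field names, the EXPECTED_UPLOADERS set and FAILED_THRESHOLD are assumptions, not values from Oracle E-Business Suite.

```python
import json
from collections import Counter

# Constructed JSON-lines sample (not real Oracle EBS log records); field names follow the SIEM query.
SAMPLE_LOG = """
{"user": "fin_user", "event_type": "file_upload", "uri_path": "/attachments/upload", "file_type": "pdf", "file_size": 204800, "status": "ok"}
{"user": "svc_batch", "event_type": "http_request", "uri_path": "/attachments/upload", "file_type": "jsp", "file_size": 4096, "status": "ok"}
{"user": "hr_clerk", "event_type": "file_upload", "uri_path": "/attachments/upload", "file_type": "xls", "file_size": 25000000, "status": "ok"}
{"user": "fin_user", "event_type": "file_upload", "uri_path": "/attachments/upload", "file_type": "exe", "file_size": 1024, "status": "failed"}
{"user": "fin_user", "event_type": "file_upload", "uri_path": "/attachments/upload", "file_type": "exe", "file_size": 1024, "status": "failed"}
{"user": "fin_user", "event_type": "file_upload", "uri_path": "/attachments/upload", "file_type": "exe", "file_size": 1024, "status": "failed"}
{"user": "fin_user", "event_type": "login", "uri_path": "/login", "status": "ok"}
"""
ALLOWED_TYPES = {"pdf", "doc", "xls"}  # allowlist from the SIEM query
MAX_SIZE = 10_000_000  # 10 MB threshold from the SIEM query
EXPECTED_UPLOADERS = {"fin_user", "hr_clerk"}  # assumed per-deployment allowlist of upload accounts
FAILED_THRESHOLD = 3  # assumed: alert on the third failed upload by the same account

def is_upload_event(event):
    """Query scope: explicit upload events, or any request whose URI contains 'upload'."""
    return event.get("event_type") == "file_upload" or "upload" in event.get("uri_path", "")

def event_reasons(event):
    """Per-event checks from the query, plus the 'unexpected account' log indicator."""
    reasons = []
    if event.get("file_type") not in ALLOWED_TYPES:
        reasons.append("disallowed_type")
    if event.get("file_size", 0) > MAX_SIZE:
        reasons.append("oversize")
    if event.get("user") not in EXPECTED_UPLOADERS:
        reasons.append("unexpected_user")
    return reasons

def detect(log_text):
    """Return (user, reasons) for each suspicious upload; failed uploads are counted per account."""
    alerts, failed = [], Counter()
    for line in log_text.strip().splitlines():
        event = json.loads(line)
        if not is_upload_event(event):
            continue  # e.g. logins are outside the query's scope
        reasons = event_reasons(event)
        if event.get("status") == "failed":
            failed[event["user"]] += 1
            if failed[event["user"]] == FAILED_THRESHOLD:
                reasons.append("repeated_failed_uploads")
        if reasons:
            alerts.append((event["user"], reasons))
    return alerts
```

Calling detect(SAMPLE_LOG) yields five alerts: the jsp upload by the unexpected service account, the oversize spreadsheet, and the three failed exe uploads, the third of which also trips the repeated-failure indicator.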

🔗 References
