CVE-2025-30724
📋 TL;DR
A vulnerability in the XML Services component of Oracle BI Publisher can be exploited over HTTP by a remote attacker without authentication to read sensitive data. It affects Oracle Analytics versions 7.6.0.0.0 and 12.2.1.4.0 and can expose all data accessible to BI Publisher to unauthorized parties.
💻 Affected Systems
- Oracle BI Publisher
- Oracle Analytics
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all Oracle BI Publisher accessible data, including sensitive business intelligence reports, financial data, and confidential information.
Likely Case
Unauthorized access to critical business intelligence data, potentially including financial reports, operational metrics, and sensitive organizational information.
If Mitigated
Limited or no data exposure if proper network segmentation, authentication controls, and patching are implemented.
🎯 Exploit Status
The CVSS vector rates the flaw as easily exploitable over HTTP with no authentication required, so exploitation is expected to be straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Oracle Critical Patch Update for April 2025
Vendor Advisory: https://www.oracle.com/security-alerts/cpuapr2025.html
Restart Required: Yes
Instructions:
1. Download the appropriate patch from Oracle Support.
2. Apply the patch following Oracle's documentation.
3. Restart the BI Publisher services.
4. Verify the patch was applied successfully.
🔧 Temporary Workarounds
Network Access Control
Restrict HTTP access to BI Publisher instances using firewalls or network segmentation
Authentication Enforcement
Implement additional authentication layers or place BI Publisher behind an authenticating proxy
🧯 If You Can't Patch
- Isolate BI Publisher instances from untrusted networks using firewall rules
- Implement network monitoring and intrusion detection for suspicious access patterns
🔍 How to Verify
Check if Vulnerable:
Check the Oracle BI Publisher version in the administration console or by examining the installation files; versions 7.6.0.0.0 and 12.2.1.4.0 are vulnerable.
Check Version:
The version is shown in the administration console; Oracle's documentation describes other methods for determining it.
Verify Fix Applied:
Confirm through Oracle's patch management tools that the patch was applied, and check that the reported version is no longer 7.6.0.0.0 or 12.2.1.4.0.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated HTTP requests to XML Services endpoints
- Unusual data access patterns from unexpected IP addresses
- Increased data retrieval from BI Publisher
Network Indicators:
- HTTP traffic to BI Publisher XML Services from unauthorized sources
- Unusual data exfiltration patterns
SIEM Query:
source="oracle_bi_publisher" AND (http_method="GET" OR http_method="POST") AND uri CONTAINS "/xmlpserver/" AND user="anonymous"
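The log indicators above (unauthenticated requests under /xmlpserver/, requests from unexpected sources, and rising retrieval volume) can be checked offline against web-tier access logs before a SIEM rule is written. The following Python script is an added example and is not part of this advisory or of Oracle's tooling. It assumes a simplified access-log layout of the constructed sample lines embedded below (real BI Publisher or web-tier logs will differ, so LOG_RE must be adapted), an assumed trusted-network list (TRUSTED_NETWORKS), an assumed volume threshold (BULK_BYTES_THRESHOLD), and constructed request paths under /xmlpserver/ that are not a claim about the real XML Services endpoint names.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption for the example: internal ranges from which BI Publisher access is expected.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

# Assumed threshold: total bytes returned to one unauthenticated source in the
# log window before it is reported as bulk retrieval.
BULK_BYTES_THRESHOLD = 150_000

# Constructed sample lines (simplified common-log style). The paths under
# /xmlpserver/ are placeholders, not the real XML Services endpoint names.
SAMPLE_LOG = """\
10.0.5.12 - jsmith [01/May/2025:09:14:02 +0000] "GET /xmlpserver/servlet/report HTTP/1.1" 200 5120
10.0.5.12 - jsmith [01/May/2025:09:14:10 +0000] "GET /xmlpserver/ HTTP/1.1" 200 812
203.0.113.44 - - [01/May/2025:09:15:30 +0000] "POST /xmlpserver/services/example HTTP/1.1" 200 98304
203.0.113.44 - - [01/May/2025:09:15:31 +0000] "POST /xmlpserver/services/example HTTP/1.1" 200 102400
10.0.7.3 - - [01/May/2025:09:16:00 +0000] "GET /console/ HTTP/1.1" 200 2048
198.51.100.9 - anonymous [01/May/2025:09:17:12 +0000] "GET /xmlpserver/services/example HTTP/1.1" 200 65536
198.51.100.9 - - [01/May/2025:09:17:40 +0000] "GET /xmlpserver/ HTTP/1.1" 401 -
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def parse_line(line):
    """Return a dict of fields for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec


def is_trusted(ip):
    """True when the source address falls inside one of the assumed trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def is_unauthenticated(user):
    """The advisory's SIEM query keys on user="anonymous"; '-' covers logs with no user field."""
    return user in ("-", "anonymous")


def find_indicators(log_text):
    """Apply the advisory's log indicators to the given log text.

    Returns a list of (indicator, source_ip, detail) tuples:
      unauth_xmlpserver_access - successful GET/POST under /xmlpserver/ with no user
      untrusted_source         - successful /xmlpserver/ request from outside TRUSTED_NETWORKS
      bulk_unauth_retrieval    - one unauthenticated source pulled >= BULK_BYTES_THRESHOLD bytes
    """
    findings = []
    bytes_by_source = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith("/xmlpserver/"):
            continue
        # Only successful retrievals matter; rejected (401/403) requests show the
        # control working and would otherwise inflate the volume count.
        if rec["method"] not in ("GET", "POST") or rec["status"] != 200:
            continue
        if is_unauthenticated(rec["user"]):
            findings.append(("unauth_xmlpserver_access", rec["ip"], rec["path"]))
            bytes_by_source[rec["ip"]] += rec["bytes"]
        if not is_trusted(rec["ip"]):
            findings.append(("untrusted_source", rec["ip"], rec["path"]))
    for ip, total in bytes_by_source.items():
        if total >= BULK_BYTES_THRESHOLD:
            findings.append(("bulk_unauth_retrieval", ip, str(total)))
    return findings


if __name__ == "__main__":
    for indicator, ip, detail in find_indicators(SAMPLE_LOG):
        print(f"{indicator:26} {ip:15} {detail}")
```

Run against the constructed sample, the two authenticated internal requests and the rejected 401 produce nothing, each successful unauthenticated request from a public address is reported twice (once as unauthenticated, once as an untrusted source), and 203.0.113.44 is additionally reported for bulk retrieval because its two responses together exceed the threshold. The same three conditions map directly onto the SIEM query above; the volume check is the piece that query does not express and usually needs a separate aggregation rule.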