CVE-2025-50105

8.1 HIGH

📋 TL;DR

This vulnerability in Oracle Universal Work Queue allows authenticated attackers with low privileges to perform unauthorized data manipulation (create, delete, modify) and access sensitive information via HTTP requests. It affects Oracle E-Business Suite versions 12.2.3 through 12.2.14.

💻 Affected Systems

Products:
  • Oracle E-Business Suite
Versions: 12.2.3 through 12.2.14
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Oracle Universal Work Queue component with Work Provider Administration functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of Oracle Universal Work Queue data including unauthorized access to all critical business data and ability to modify or delete all accessible data.

🟠 Likely Case

Unauthorized access to sensitive business data and unauthorized modifications to work queue configurations and data.

🟢 If Mitigated

Limited impact through proper network segmentation, strong authentication controls, and monitoring of privileged actions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged authenticated access via HTTP. No public exploit code available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update July 2025

Vendor Advisory: https://www.oracle.com/security-alerts/cpujul2025.html

Restart Required: Yes

Instructions:

1. Download the appropriate patches from Oracle Support.
2. Apply the patches following Oracle E-Business Suite patching procedures.
3. Restart the affected services.
4. Test functionality.

🔧 Temporary Workarounds

Network Access Restriction (scope: all)

Restrict network access to Oracle E-Business Suite to trusted IP addresses only.

Privilege Reduction (scope: all)

Review and minimize user privileges, especially for low-privileged accounts accessing Work Provider Administration.

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to Oracle E-Business Suite
  • Enable detailed logging and monitoring for all Work Provider Administration activities and review regularly

🔍 How to Verify

Check if Vulnerable:

Check the Oracle E-Business Suite version and patch level via Oracle Application Manager, or query the database for version information.

Check Version:

SELECT RELEASE_NAME FROM FND_PRODUCT_GROUPS;

Verify Fix Applied:

Verify patch application via the Oracle OPatch utility and confirm the version and patch level are outside the affected range.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to Work Provider Administration pages
  • Unusual data modification patterns in work queue tables
  • Multiple failed authentication attempts followed by successful low-privilege access

Network Indicators:

  • HTTP requests to Work Provider Administration endpoints from unusual sources
  • Burst of data manipulation requests

SIEM Query:

source="oracle-ebs" AND (uri="*WorkProviderAdmin*" OR action="*work_queue*modify*") AND user_privilege="low"
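As an added example that is not part of this advisory: a small Python checker that applies the log and network indicators above (write requests to Work Provider Administration endpoints from untrusted sources, and bursts of data-manipulation requests from one user) to constructed web-tier access log lines. The /OA_HTML/WorkProviderAdmin path, the user names, the addresses and the trusted-network prefix are assumptions, not values from the page or from Oracle.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of Apache-style access log lines (not real data). The URI
# follows the advisory's SIEM pattern "*WorkProviderAdmin*"; the exact path,
# users and addresses are assumptions for the example only.
SAMPLE_LOG = """\
10.0.0.5 - jsmith [12/Jul/2025:10:01:02 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 512
10.0.0.5 - jsmith [12/Jul/2025:10:01:03 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 511
10.0.0.5 - jsmith [12/Jul/2025:10:01:04 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 513
10.0.0.5 - jsmith [12/Jul/2025:10:01:05 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 509
10.0.0.5 - jsmith [12/Jul/2025:10:01:06 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 510
10.0.0.9 - mlee [12/Jul/2025:10:05:00 +0000] "GET /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 2048
203.0.113.7 - contractor1 [12/Jul/2025:11:30:00 +0000] "POST /OA_HTML/WorkProviderAdmin HTTP/1.1" 200 500
10.0.0.9 - mlee [12/Jul/2025:10:06:00 +0000] "GET /OA_HTML/RF.jsp HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
ADMIN_URI = re.compile(r"WorkProviderAdmin", re.IGNORECASE)  # page's SIEM pattern
TRUSTED_NETS = ("10.0.",)  # assumption: internal admin network prefixes

def parse(log_text):
    """Parse access log lines into dicts with a datetime timestamp."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], TS_FMT)
            events.append(d)
    return events

def find_alerts(events, burst_n=5, window_s=10):
    """Flag admin-endpoint writes from untrusted sources and per-user write bursts."""
    alerts = []
    writes = defaultdict(list)  # user -> timestamps of write requests
    for e in events:
        if not ADMIN_URI.search(e["uri"]):
            continue
        if e["method"] in ("POST", "PUT", "DELETE"):
            if not e["ip"].startswith(TRUSTED_NETS):
                alerts.append(("untrusted_source", e["user"], e["ip"]))
            writes[e["user"]].append(e["ts"])
    for user, stamps in writes.items():
        stamps.sort()
        for i in range(len(stamps) - burst_n + 1):  # sliding window of burst_n writes
            if (stamps[i + burst_n - 1] - stamps[i]).total_seconds() <= window_s:
                alerts.append(("burst", user, stamps[i].isoformat()))
                break
    return alerts
```

Tune burst_n, window_s and TRUSTED_NETS to the site's baseline before relying on the output.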
