CVE-2025-62287

6.1 MEDIUM

📋 TL;DR

This vulnerability in Oracle Life Sciences InForm allows unauthenticated attackers to modify or read limited data by tricking users into interacting with malicious content. It affects Oracle Health Sciences Applications version 7.0.1.0 and requires user interaction to exploit.

💻 Affected Systems

Products:
  • Oracle Life Sciences InForm
Versions: 7.0.1.0
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Web Server component. Requires HTTP network access and user interaction.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate clinical trial data or access sensitive patient information, potentially compromising data integrity and confidentiality across connected systems.

🟠 Likely Case

Limited data manipulation or unauthorized viewing of some records through social engineering attacks targeting users.

🟢 If Mitigated

Minimal impact with proper network segmentation, user awareness training, and access controls limiting exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction (UI:R) but has low attack complexity (AC:L) over HTTP. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Oracle CPU October 2025 advisory

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2025.html

Restart Required: No

Instructions:

  1. Review the Oracle CPU October 2025 advisory.
  2. Apply the recommended patch for Oracle Life Sciences InForm 7.0.1.0.
  3. Test in a non-production environment first.
  4. Deploy to production systems.

🔧 Temporary Workarounds

Network segmentation (scope: all)

Restrict HTTP access to the Oracle Life Sciences InForm web server to trusted networks only.

User awareness training (scope: all)

Educate users about phishing and social engineering risks.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy web application firewall with specific rules for this application

🔍 How to Verify

Check if Vulnerable:

Check whether the installed Oracle Life Sciences InForm version is 7.0.1.0 and review the web server configuration.

Check Version:

Check the Oracle Life Sciences InForm administration console or application logs for version information.

Verify Fix Applied:

Verify that the patch is installed and confirm the reported version is later than 7.0.1.0.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests to web server component
  • Multiple failed authentication attempts followed by successful data access

Network Indicators:

  • HTTP traffic patterns suggesting data manipulation without authentication
  • External IP addresses accessing sensitive endpoints

SIEM Query:

source="oracle-inform-logs" AND (event_type="data_modification" OR event_type="unauthorized_access")
