CVE-2025-30694
First published: Tue Apr 15 2025(Updated: )
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows low privileged attacker having User Account privilege with network access via HTTP to compromise XML Database. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in XML Database, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of XML Database accessible data as well as unauthorized read access to a subset of XML Database accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | >=19.3<19.26>=21.3<21.17>=23.4<23.7 | |
| Oracle XML Database | >=19.3<=19.26 | |
| Oracle XML Database | >=21.3<=21.17 | |
| Oracle XML Database | >=23.4<=23.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-30694?
CVE-2025-30694 is considered an easily exploitable vulnerability that can be exploited by low privileged attackers with User Account privileges.
How do I fix CVE-2025-30694?
To fix CVE-2025-30694, you should upgrade to a patched version of Oracle Database Server that is not affected by this vulnerability.
Which versions of Oracle Database Server are affected by CVE-2025-30694?
CVE-2025-30694 affects Oracle Database Server versions 19.3-19.26, 21.3-21.17, and 23.4-23.7.
What type of access is required to exploit CVE-2025-30694?
Exploitation of CVE-2025-30694 requires network access via HTTP and a User Account with low privileges.
What component of Oracle Database Server is impacted by CVE-2025-30694?
CVE-2025-30694 impacts the XML Database component of Oracle Database Server.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/source
- agent/author
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/weakness
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/oracle
- canonical/oracle database
- canonical/oracle xml database
- version/oracle xml database/19.3
- version/oracle xml database/19.26
- version/oracle xml database/21.3
- version/oracle xml database/21.17
- version/oracle xml database/23.4
- version/oracle xml database/23.7