{"vulnerability": "CVE-2025-2155", "sightings": [{"uuid": "35b34749-cee6-4033-aa0b-5c2183294540", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lgebiatmek2i", "content": "", "creation_timestamp": "2025-01-22T21:06:06.665321Z"}, {"uuid": "f3b5b206-1965-41ec-91f5-29c68aa460e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21553", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqjy7bg27", "content": "", "creation_timestamp": "2025-01-21T21:19:01.741722Z"}, {"uuid": "dbc965f0-c414-436d-8b12-339b822452d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21555", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqoftyu2f", "content": "", "creation_timestamp": "2025-01-21T21:19:06.323214Z"}, {"uuid": "024b2c96-eed5-4fd2-874a-b921287ee839", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21551", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqfdega2j", "content": "", "creation_timestamp": "2025-01-21T21:18:56.951590Z"}, {"uuid": "347037d6-5647-4371-8f38-f42e82c23376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21550", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqcytya2c", "content": "", "creation_timestamp": "2025-01-21T21:18:54.375877Z"}, {"uuid": "26bc9019-dc2a-43b3-9051-14adb5382d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21552", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqhoura2c", "content": "", "creation_timestamp": "2025-01-21T21:18:59.376169Z"}, {"uuid": "64ef063b-605c-463f-a282-ebd40d858397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21554", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqm3rew27", "content": "", "creation_timestamp": "2025-01-21T21:19:03.875085Z"}, {"uuid": "8a6d42db-cb27-4e29-808f-4407a5d11799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqqrfuh2t", "content": "", "creation_timestamp": "2025-01-21T21:19:08.827110Z"}, {"uuid": "d411ce4e-533c-4344-80ce-07cbfa4504aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21557", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqtr3sq2j", "content": "", "creation_timestamp": "2025-01-21T21:19:11.974079Z"}, {"uuid": "c7f82eda-4a44-40b9-987b-6ebb6ba6407d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21558", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqw335o27", "content": "", "creation_timestamp": "2025-01-21T21:19:14.676827Z"}, {"uuid": "b77ad61c-5d72-4fe4-89ee-fd29ee0aa76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21559", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbrqyhrrl2h", "content": "", "creation_timestamp": "2025-01-21T21:19:17.244030Z"}, {"uuid": "df783c70-ced0-4c37-8f89-de524d0cb1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113868546913414517", "content": "", "creation_timestamp": "2025-01-21T21:48:58.981157Z"}, {"uuid": "6edbf09c-26ae-4395-bf3b-e8b10b3d9740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lgcvaxgf7q2y", "content": "", "creation_timestamp": "2025-01-22T07:54:33.829288Z"}, {"uuid": "5345a29c-b5f0-47aa-8a8c-3f4760a470b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113877895586251218", "content": "", "creation_timestamp": "2025-01-23T13:26:28.084000Z"}, {"uuid": "3005b142-2441-4b6f-98bc-eb1887b06506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lgfybla6ns2w", "content": "", "creation_timestamp": "2025-01-23T13:26:36.798287Z"}, {"uuid": "ee5a5e41-fc8b-43e4-8a50-c7ebf9626afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html", "content": "", "creation_timestamp": "2025-01-22T06:25:00.000000Z"}, {"uuid": "9d41c9d4-cdff-47b2-a645-9e27de2412eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://threatintel.cc/2025/01/23/oracle-releases-january-patch-to.html", "content": "", "creation_timestamp": "2025-01-23T13:23:16.000000Z"}, {"uuid": "21432f06-2f13-4ac8-9cff-ff6778cbac42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lgdprykctx2i", "content": "", "creation_timestamp": "2025-01-22T15:49:24.431420Z"}, {"uuid": "dfb8a4ac-da9b-4f67-b1f3-8fe42e54accf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2155", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3maqm5y353s2z", "content": "", "creation_timestamp": "2025-12-24T15:44:09.601135Z"}, {"uuid": "7056cb6f-972b-4100-bfd7-1e9ed63e526b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3lgdgtfjmns2t", "content": "", "creation_timestamp": "2025-01-22T13:09:10.461236Z"}, {"uuid": "a94d980e-acae-48b3-8e1c-3e8ad43174e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2155", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3maqqjeinq222", "content": "", "creation_timestamp": "2025-12-24T17:02:07.165927Z"}, {"uuid": "b651b07d-eb3b-4825-a6b4-5230845a8f1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7418", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21552\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:16.924Z\n\ud83d\udccf Modified: 2025-03-13T14:35:17.023Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-03-13T14:45:22.000000Z"}, {"uuid": "ab98b9cf-ac9f-4558-9826-035822d685ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21559", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2477", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21559\n\ud83d\udd39 Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\ud83d\udccf Published: 2025-01-21T20:53:19.677Z\n\ud83d\udccf Modified: 2025-01-21T20:53:19.677Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:03.000000Z"}, {"uuid": "7c082a20-f131-4bc9-bfab-936c48226af7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21555", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2481", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21555\n\ud83d\udd39 Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\ud83d\udccf Published: 2025-01-21T20:53:18.135Z\n\ud83d\udccf Modified: 2025-01-21T20:53:18.135Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:09.000000Z"}, {"uuid": "0f12ad49-2dc5-4c80-91bc-d4887860b732", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2480", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21556\n\ud83d\udd39 Description: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services).   The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework.  While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).\n\ud83d\udccf Published: 2025-01-21T20:53:18.494Z\n\ud83d\udccf Modified: 2025-01-21T20:53:18.494Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:09.000000Z"}, {"uuid": "599b70ae-2199-4453-8c54-c73f18d66b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21557", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2479", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21557\n\ud83d\udd39 Description: Vulnerability in Oracle Application Express (component: General).  Supported versions that are affected are 23.2 and  24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as  unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:18.920Z\n\ud83d\udccf Modified: 2025-01-21T20:53:18.920Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:05.000000Z"}, {"uuid": "d1775572-fc4d-4de8-8489-30b32be171ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21558", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2478", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21558\n\ud83d\udd39 Description: Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).  Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and  22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as  unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:19.286Z\n\ud83d\udccf Modified: 2025-01-21T20:53:19.286Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:04.000000Z"}, {"uuid": "eab9c09d-bb4c-4c39-846f-31196262ab6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21554", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2482", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21554\n\ud83d\udd39 Description: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).  Supported versions that are affected are 7.4.0, 7.4.1 and  7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:17.695Z\n\ud83d\udccf Modified: 2025-01-21T20:53:17.695Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:10.000000Z"}, {"uuid": "87ae282a-7e79-4574-bf9e-d01f56947018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2484", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21552\n\ud83d\udd39 Description: Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).  Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:16.924Z\n\ud83d\udccf Modified: 2025-01-21T20:53:16.924Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:11.000000Z"}, {"uuid": "bccda530-ef77-4fd1-93dd-1def919a0229", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2483", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21553\n\ud83d\udd39 Description: Vulnerability in the Java VM component of Oracle Database Server.  Supported versions that are affected are 19.3-19.25, 21.3-21.16 and  23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java VM accessible data as well as  unauthorized read access to a subset of Java VM accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).\n\ud83d\udccf Published: 2025-01-21T20:53:17.298Z\n\ud83d\udccf Modified: 2025-01-21T20:53:17.298Z\n\ud83d\udd17 References:\n1. https://www.oracle.com/security-alerts/cpujan2025.html", "creation_timestamp": "2025-01-21T21:01:11.000000Z"}, {"uuid": "3493bff4-3778-42d7-a857-dc8015e8b314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21554", "type": "seen", "source": "https://t.me/cvedetector/16024", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21554 - Oracle Communications Order and Service Management HTTP Unauthorized Read Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21554 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).  Supported versions that are affected are 7.4.0, 7.4.1 and  7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:10.000000Z"}, {"uuid": "78a81f0c-d259-424d-a518-56831f20bef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21558", "type": "seen", "source": "https://t.me/cvedetector/16023", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21558 - Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-21558 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).  Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and  22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as  unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:09.000000Z"}, {"uuid": "7f534bd3-85be-4470-9160-3751af9776f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21557", "type": "seen", "source": "https://t.me/cvedetector/16022", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21557 - Oracle Application Express Unauthenticated Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2025-21557 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in Oracle Application Express (component: General).  Supported versions that are affected are 23.2 and  24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as  unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:09.000000Z"}, {"uuid": "ee028a91-4575-4aec-8db6-bdb0cc33af99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21555", "type": "seen", "source": "https://t.me/cvedetector/16021", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21555 - Oracle MySQL InnoDB Unauthenticated High Privilege DOS and Data Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21555 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:08.000000Z"}, {"uuid": "496f464e-30aa-4b8a-b5d5-3adf88da51ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21556", "type": "seen", "source": "https://t.me/cvedetector/16020", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21556 - \"Oracle Agile PLM Framework - HTTP Takeover Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2025-21556 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services).   The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework.  While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:07.000000Z"}, {"uuid": "ea1c4bc7-1455-46dc-8cc2-d6471647af3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-21559", "type": "seen", "source": "https://t.me/cvedetector/16027", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21559 - Oracle MySQL MySQL Server InnoDB Denial of Service and Data Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-21559 \nPublished : Jan. 21, 2025, 9:15 p.m. | 29\u00a0minutes ago \nDescription : Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and  9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as  unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-21T22:50:15.000000Z"}]}