Oracle Financial Services Behavior Detection Platform, Cross-Site Request Forgery (CSRF), CVE-2025-21550 (Medium)


How the CVE Works

CVE-2025-21550 is a Cross-Site Request Forgery (CSRF) vulnerability in the Web UI of Oracle Financial Services Behavior Detection Platform. An attacker crafts a malicious HTTP request that, when triggered from the browser of an authenticated victim, performs an unauthorized action (data modification or partial data access) without the victim's consent. The attack requires victim interaction (e.g., clicking a link) and relies on the platform's failure to validate the origin of the request. The CVSS 3.1 score reflects medium risk: the scope changes (other products can be affected), while the confidentiality and integrity impact is limited.

DailyCVE Form

Platform: Oracle Financial Services
Version: 8.0.8.1, 8.1.2.7, 8.1.2.8
Vulnerability: CSRF
Severity: Medium
Date: 06/23/2025

Prediction: Patch by 08/2025

What Undercode Says

Analytics:

curl -X GET "http://<target>/ui/endpoint" --header "Referer: https://malicious.site/"
nmap -p 443 --script http-csrf <target>

How the Exploit Works:

1. Attacker crafts a fake form/URL.

2. Victim clicks while authenticated.

3. Unauthorized request executes.

Protection from this CVE:

  • Implement CSRF tokens.
  • Validate request origins.
  • Update to patched versions.
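The first two protections above (CSRF tokens and origin validation) applied to the request flow described under "How the CVE Works", as an added example that is not code from Oracle, from the affected platform, or from this post. It contrasts a handler that trusts the session cookie alone (the vulnerable pattern) with one that also checks the Origin/Referer header and an HMAC-bound synchronizer token. The origin `https://bdp.example.internal`, the form action `update_alert_status`, and the request dictionaries are constructed placeholders.

```python
"""Synchronizer-token CSRF defence plus Origin/Referer validation (illustrative)."""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed placeholder: the origin the Web UI is legitimately served from.
ALLOWED_ORIGINS = {"https://bdp.example.internal"}
# Server-side secret that binds tokens to sessions; regenerated per process here.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, secret: bytes = SECRET_KEY) -> str:
    """Return a token bound to the session: random nonce + HMAC(secret, session:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token, secret: bytes = SECRET_KEY) -> bool:
    """Recompute the HMAC for this session and compare it in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own site.
    A request carrying neither header is rejected (fail closed)."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/") in allowed
    referer = headers.get("Referer")
    if referer:
        parsed = urlparse(referer)
        return f"{parsed.scheme}://{parsed.netloc}" in allowed
    return False


def handle_unprotected(request: dict, session_id: str) -> str:
    """Vulnerable pattern: the session cookie (session_id) alone authorises a state change.
    The browser attaches that cookie to a cross-site form submission automatically."""
    if request["method"] != "POST" or not session_id:
        return "403 not authenticated"
    return "200 applied"


def handle_protected(request: dict, session_id: str) -> str:
    """Hardened pattern: same session check, then origin check, then token check."""
    if request["method"] != "POST" or not session_id:
        return "403 not authenticated"
    if not origin_allowed(request["headers"]):
        return "403 origin rejected"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return "403 csrf token invalid"
    return "200 applied"


# Constructed: what the victim's browser sends after submitting an attacker-hosted form.
# The attacker cannot read the victim's token, so the form field is a guess.
FORGED_REQUEST = {
    "method": "POST",
    "headers": {"Origin": "https://malicious.site", "Referer": "https://malicious.site/lure.html"},
    "form": {"action": "update_alert_status", "csrf_token": "guess"},
}


def legitimate_request(session_id: str) -> dict:
    """Constructed: a same-origin form submission carrying a freshly issued token."""
    return {
        "method": "POST",
        "headers": {"Origin": "https://bdp.example.internal"},
        "form": {"action": "update_alert_status", "csrf_token": issue_csrf_token(session_id)},
    }


def demo(session_id: str = "victim-session") -> dict:
    """Run the forged and the legitimate request through both handlers."""
    return {
        "forged_vs_unprotected": handle_unprotected(FORGED_REQUEST, session_id),
        "forged_vs_protected": handle_protected(FORGED_REQUEST, session_id),
        "legit_vs_protected": handle_protected(legitimate_request(session_id), session_id),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The forged request passes the unprotected handler because the session cookie is all it checks; the protected handler stops it at the origin check, and would stop a same-origin request with a stale or guessed token at the token check. Real deployments keep `SECRET_KEY` in configuration rather than regenerating it per process, and send the token in a response the attacker's page cannot read (a hidden form field or a custom header), never in a cookie alone.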

Impact:

  • Unauthorized data modification.
  • Partial data leakage.
  • Secondary system compromise.

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
