How the CVE Works
CVE-2025-21568 is an access-control vulnerability in Oracle Hyperion Data Relationship Management (affected version 11.2.19.0.000). It is exploitable by a high-privileged attacker with network access via HTTP, and a successful attack also requires human interaction from a person other than the attacker (for example, an administrator opening a crafted link). The result is unauthorized read access to data the application holds; this post attributes it to insufficient validation of user permissions. The CVSS 3.1 base score is 4.5 (Medium), with high confidentiality impact and no integrity or availability impact; the consistent vector is AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N. The score stays Medium despite C:H because the attacker must already hold high privileges and must also get another user to act.
DailyCVE Form
Platform: Oracle Hyperion
Version: 11.2.19.0.000
Vulnerability: Access Control Bypass
Severity: Medium
Date: 06/23/2025
Prediction: Patch by Q3 2025
What Undercode Say
Check the installed version (the /version path is this post's placeholder, not a documented DRM endpoint; confirm the build in the DRM console or your installation inventory):
curl -I http://target:port/version

Exploit PoC (simulated; the request path and token are placeholders, not a working exploit):
POST /api/access HTTP/1.1
Host: target
Authorization: Bearer <high-privilege-token>
How Exploit
- The attacker, already holding high-privileged DRM credentials (obtained legitimately or stolen), sends a crafted HTTP request to the DRM web interface.
- A second user, typically an administrator, must be induced to act, for example by opening a crafted link (CVSS UI:R).
- Insufficient access-control checks then return data the attacker is not entitled to read.
Protection from this CVE
- Apply the fix Oracle released for this CVE in its Critical Patch Update, and confirm the installed build is no longer 11.2.19.0.000.
- Restrict network access to the DRM HTTP interface to trusted administrative networks.
- Enforce MFA for high-privileged (administrator) accounts, since the attack requires their privileges, and warn administrators not to open untrusted links while logged in.
Impact
- Unauthorized read access to DRM data.
- Confidentiality breach (CVSS C:H).
- No integrity or availability impact (CVSS I:N/A:N); the attacker cannot modify data or disrupt the service through this flaw.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode