CVE-2025-30702: 
Oracle Database Server vulnerability analysis and mitigation

A vulnerability has been identified in the Fleet Patching and Provisioning component of Oracle Database Server, tracked as CVE-2025-30702. The vulnerability affects Oracle Database Server versions 19.3-19.26. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise Fleet Patching and Provisioning (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 5.3 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (Oracle CPU, NVD).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and Provisioning accessible data. The impact is limited to confidentiality breaches, with no reported effects on system integrity or availability (Oracle CPU).

Oracle has released security patches as part of the April 2025 Critical Patch Update to address this vulnerability. Organizations running affected versions (19.3-19.26) of Oracle Database Server should apply the security patches as soon as possible. Until patches can be applied, organizations may consider blocking network access to the Fleet Patching and Provisioning component to reduce the risk of successful attacks (Oracle CPU).