CVE-2025-30727: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.14. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle Scripting. The vulnerability was disclosed on April 15, 2025, and received a CVSS 3.1 Base Score of 9.8 (Critical) (Oracle CPU).

The vulnerability has been assigned a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating it is exploitable over the network with low attack complexity, requires no privileges or user interaction, and can impact confidentiality, integrity, and availability at high levels. The vulnerability has been classified under CWE-306 (Missing Authentication for Critical Function) (NVD).

Successful exploitation of this vulnerability can result in complete takeover of Oracle Scripting, potentially allowing attackers to gain unauthorized access to critical data, modify system configurations, and cause service disruptions (Oracle CPU).

Oracle has released patches for this vulnerability as part of the April 2025 Critical Patch Update. Organizations running affected versions (12.2.3-12.2.14) of Oracle E-Business Suite should apply the security patches immediately (Oracle CPU).