CVE-2025-30733: 
Oracle Database Server vulnerability analysis and mitigation

CVE-2025-30733 is a vulnerability discovered in the RDBMS Listener component of Oracle Database Server, affecting versions 19.3-19.26, 21.3-21.17, and 23.4-23.7. The vulnerability was disclosed on April 15, 2025, and is characterized as an easily exploitable vulnerability that allows unauthenticated attackers with network access via Oracle Net to compromise the RDBMS Listener (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.5, primarily impacting confidentiality. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N), indicating network accessibility, low attack complexity, no privileges required, and user interaction required. The vulnerability is classified under CWE-287 (Improper Authentication) (NVD).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS Listener accessible data. The attack requires human interaction from a person other than the attacker (Oracle CPU).

Oracle has released patches for this vulnerability as part of the April 2025 Critical Patch Update. The patches are available for affected versions 19.3-19.26, 21.3-21.17, and 23.4-23.7. Oracle strongly recommends that customers apply the Critical Patch Update patches as soon as possible (Oracle CPU).

The vulnerability was initially reported by Craig at driftnet.io, demonstrating the active involvement of the security research community in identifying critical database vulnerabilities (Oracle CPU).