CVE-2025-30750: 
Oracle Database Server vulnerability analysis and mitigation

A vulnerability was discovered in the Unified Audit component of Oracle Database Server affecting versions 19.3-19.27, 21.3-21.18, and 23.4-23.8. The vulnerability was disclosed on July 15, 2025, and assigned identifier CVE-2025-30750. This security flaw affects the database's auditing functionality and requires specific privileges for exploitation (Oracle Patch, NVD).

The vulnerability is characterized by a CVSS 3.1 Base Score of 2.4 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N. The flaw requires network access via Oracle Net and a high-privileged attacker possessing Create User privileges. Additionally, successful exploitation requires human interaction from a person other than the attacker (NVD).

When successfully exploited, this vulnerability can result in unauthorized update, insert or delete access to some of the Unified Audit accessible data. The impact is primarily limited to data integrity, with no direct effect on confidentiality or availability (NVD).

Oracle has addressed this vulnerability in their July 2025 Critical Patch Update. Organizations are strongly recommended to apply these security patches without delay to affected versions (19.3-19.27, 21.3-21.18, and 23.4-23.8) of the Oracle Database Server (Oracle Patch).

The vulnerability was initially discovered and reported by Emad Al-Mousa, demonstrating the ongoing collaboration between security researchers and Oracle's security response team (Oracle Patch).