Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-61749
CVE-2025-61749:
Oracle Database Server vulnerability analysis and mitigation
Overview
Vulnerability in the Unified Audit component of Oracle Database Server affecting versions 23.4-23.9. The vulnerability was discovered by Emad Al-Mousa and disclosed on October 21, 2025 (Oracle CPU).
Technical details
The vulnerability is characterized by its CVSS 3.1 Base Score of 2.7 (Integrity impacts) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N. This indicates a network-accessible vulnerability that requires high privileges but is easy to exploit, with no user interaction needed. The scope is unchanged, and it primarily affects data integrity (NVD).
Impact
Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. The impact is limited to integrity, with no direct effects on confidentiality or availability (Oracle CPU).
Mitigation and workarounds
Oracle has released patches as part of the October 2025 Critical Patch Update. Organizations are strongly recommended to apply these security patches without delay to affected Oracle Database Server versions 23.4-23.9 (Oracle CPU).
Additional resources
Source: This report was generated using AI
Related Oracle Database Server vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management