Mallory
Severity: Medium

Improper access control in Oracle CRM Technical Foundation Preferences

Identifiers: CVE-2025-30739, CWE-284

CVE-2025-30739 is an easily exploitable vulnerability in the Preferences component of Oracle CRM Technical Foundation within Oracle E-Business Suite. Affected versions are 12.2.11 through 12.2.13. According to Oracle, a high-privileged attacker with network access via HTTP can exploit the issue to compromise Oracle CRM Technical Foundation. Although the flaw resides in Oracle CRM Technical Foundation, Oracle notes that successful exploitation may have scope change and significantly impact additional products. The vulnerability results in unauthorized read access to a subset of accessible data and unauthorized update, insert, or delete access to some accessible data. Based on the vendor description and the stated impact pattern, the issue is consistent with an access control weakness.


Analyst brief: Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a high-privileged remote attacker to bypass intended authorization boundaries and gain unauthorized confidentiality and integrity impact within Oracle CRM Technical Foundation. Specifically, the attacker can read a subset of data and perform unauthorized update, insert, or delete operations on some data accessible through the affected application. Oracle also indicates scope change, meaning compromise of the vulnerable component may affect additional products or components beyond Oracle CRM Technical Foundation itself. No availability impact is stated.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of the Oracle CRM Technical Foundation HTTP interface to only trusted administrative networks, strictly limit and review high-privilege accounts, enforce least privilege, monitor for anomalous data reads and unauthorized update/insert/delete activity in the Preferences component, and apply compensating controls such as network segmentation, WAF rules, and enhanced logging around E-Business Suite web access. These measures are only temporary and do not replace vendor patching.

Remediation

Patch, then assume compromise.

Apply Oracle’s July 2025 Critical Patch Update fixes for CVE-2025-30739 to Oracle E-Business Suite deployments running Oracle CRM Technical Foundation affected versions 12.2.11, 12.2.12, and 12.2.13. Upgrade or patch to a vendor-fixed release as identified in Oracle’s Patch Availability Documents and maintain current CPU levels across the E-Business Suite environment.
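The remediation step above is a version-range question: which E-Business Suite hosts sit in 12.2.11 through 12.2.13 and have not yet received the July 2025 CPU. The check below is an added example, not code from Mallory or Oracle; the inventory records are constructed sample data, and it assumes the inventory tracks whether the July 2025 CPU has been applied as a separate boolean field (hypothetical `cpu_jul2025_applied`). It also shows why the comparison must be numeric: comparing the strings directly orders 12.2.9 after 12.2.11.

```python
"""Flag Oracle EBS hosts exposed to CVE-2025-30739 (added example, not vendor code).

Affected range per the advisory: 12.2.11 through 12.2.13, fixed by the July 2025 CPU.
"""

# Affected range as integer tuples so comparisons are numeric, not lexical.
AFFECTED_MIN = (12, 2, 11)
AFFECTED_MAX = (12, 2, 13)


def parse_version(version: str) -> tuple:
    """Turn '12.2.11' into (12, 2, 11).

    A plain string comparison gets this wrong: '12.2.9' > '12.2.11' is True
    because '9' sorts after '1', so a naive inventory query would miss hosts.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, cpu_jul2025_applied: bool = False) -> bool:
    """True when the release is in the affected range and the fixing CPU is not recorded."""
    v = parse_version(version)
    return AFFECTED_MIN <= v <= AFFECTED_MAX and not cpu_jul2025_applied


def exposed_hosts(inventory: list) -> list:
    """Return hostnames still exposed, skipping records whose version cannot be parsed.

    Each record is a dict with 'host', 'ebs_version' and the assumed
    'cpu_jul2025_applied' flag (hypothetical inventory field).
    """
    exposed = []
    for rec in inventory:
        try:
            if is_affected(rec["ebs_version"], rec.get("cpu_jul2025_applied", False)):
                exposed.append(rec["host"])
        except ValueError:
            # Unknown version strings are reported separately in a real run; here they are skipped.
            continue
    return exposed


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    {"host": "ebs-app-01", "ebs_version": "12.2.11", "cpu_jul2025_applied": False},
    {"host": "ebs-app-02", "ebs_version": "12.2.13", "cpu_jul2025_applied": True},
    {"host": "ebs-app-03", "ebs_version": "12.2.9", "cpu_jul2025_applied": False},
    {"host": "ebs-app-04", "ebs_version": "12.2.12"},
    {"host": "ebs-app-05", "ebs_version": "unknown"},
]

if __name__ == "__main__":
    for host in exposed_hosts(SAMPLE_INVENTORY):
        print(f"{host}: in affected range and July 2025 CPU not recorded")
```

Only hosts whose release is inside the range and whose CPU flag is unset are reported; a host on 12.2.13 with the CPU applied drops out, and 12.2.9 is correctly treated as below the range even though it sorts after 12.2.11 as a string.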
Public exploits

No public exploit code observed for this vulnerability.

Exposure surface: Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability.

Vendor: Oracle
Product: CRM Technical Foundation
Type: application

Vendor-confirmed product mapping.
