CVE-2025-21526: Medium Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

A medium severity vulnerability in Oracle Primavera P6 allows low privileged attackers to compromise system data through HTTP. Organizations are urged to address this vulnerability promptly.

Medium · CVSS 5.4 · Published January 21, 2025

CVE-2025-21526 is a medium severity vulnerability affecting Oracle's Primavera P6 Enterprise Project Portfolio Management product. It allows low privileged attackers with network access via HTTP to compromise the system. Successful exploitation requires human interaction from a user other than the attacker, and although the flaw is in Primavera P6, its impact can extend to additional products beyond it, which is what raises the overall risk.

The vulnerability has a CVSS 3.1 base score of 5.4, indicating moderate risk due to its potential to allow unauthorized access to sensitive data. With a low attack complexity and the requirement for user interaction, it poses a tangible risk to organizations using affected versions. Organizations should prioritize patching this vulnerability to mitigate risks.

Organizations using unsupported versions of Primavera P6 must be vigilant and take immediate action to apply patches or deploy mitigations. The urgency is underlined by the vulnerability's potential to result in unauthorized updates, insertions, or deletions of accessible data.

Because the vulnerability was disclosed only recently, on January 21, 2025, ongoing monitoring of the situation is essential. Organizations are advised to stay updated on any developments related to CVE-2025-21526 and take the necessary actions to safeguard their environments.

Vulnerability Details

This vulnerability allows low privileged attackers with network access via HTTP to compromise the Primavera P6 Enterprise Project Portfolio Management system. Supported affected versions include 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0, and 23.12.1.0-23.12.10.0. Attacks require human interaction and can lead to unauthorized access to sensitive data.

Technical Analysis

The root cause of CVE-2025-21526 lies in the application’s web access component. Attackers may leverage this vulnerability by sending crafted HTTP requests that exploit flaws in the web interface. The attack vector is network-based, with low complexity, requiring minimal privileges and user interaction.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to Primavera P6 data, which can lead to significant operational disruptions. The blast radius is noteworthy as this vulnerability may impact additional products due to the interconnected nature of enterprise applications. Organizations should assess the potential impact of this vulnerability on their operational environment and prioritize remediation.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

The affected versions of Oracle Primavera P6 Enterprise Project Portfolio Management are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0, 22.12.1.0-22.12.16.0, and 23.12.1.0-23.12.10.0. Organizations running these versions should take immediate action.
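A practical first step is to compare each installed Primavera P6 build against the ranges above. The following script is an added example, not code from the advisory or from Oracle: it parses dotted version strings, checks them against the inclusive ranges listed on this page, and triages a constructed host inventory. The inventory host names and version strings are made up for illustration, and the script only reports whether a version falls inside a listed range; a version outside the ranges is "not listed", not confirmed safe, since the advisory lists supported affected versions only.

```python
"""Check installed Oracle Primavera P6 EPPM versions against the affected
ranges published for CVE-2025-21526 (ranges copied from the advisory text).

Added example: not part of the advisory or of Oracle's tooling.
"""

import re
from typing import Dict, List, Optional, Tuple

# Affected version ranges as listed in the advisory, inclusive at both ends.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("20.12.1.0", "20.12.21.5"),
    ("21.12.1.0", "21.12.20.0"),
    ("22.12.1.0", "22.12.16.0"),
    ("23.12.1.0", "23.12.10.0"),
]

# One to four dot-separated numeric components, e.g. "22.12.16" or "22.12.16.0".
_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(text: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '22.12.16' into (22, 12, 16, 0).

    Advisory versions have four numeric components; shorter strings, as often
    found in inventory exports, are right-padded with zeros so that
    '22.12.16' compares equal to '22.12.16.0'. Tuples compare component-wise,
    which gives correct numeric ordering (22.12.9 < 22.12.16).
    """
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (low, high) advisory range containing `version`, else None.

    None means "not in a listed range", which is not the same as "not
    vulnerable": the advisory enumerates supported affected versions only.
    """
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return (low, high)
    return None


def triage_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Split [(host, version), ...] into hosts on an affected build and hosts
    whose version string could not be parsed (these need manual follow-up)."""
    result: Dict[str, List[str]] = {"affected": [], "unknown": []}
    for host, version in inventory:
        try:
            if affected_range(version) is not None:
                result["affected"].append(host)
        except ValueError:
            result["unknown"].append(host)
    return result


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("p6-prod-01", "22.12.16.0"),  # last listed build of the 22.12 line: affected
    ("p6-prod-02", "22.12.16.1"),  # above the listed 22.12 range: not listed
    ("p6-dev-01", "20.12.21.5"),   # top of the 20.12 range: affected
    ("p6-test-01", "23.12.11.0"),  # above the listed 23.12 range: not listed
    ("p6-legacy", "19.12.0.0"),    # below every listed range: not listed
    ("p6-unknown", "n/a"),         # unparseable: flagged for manual review
]


if __name__ == "__main__":
    triage = triage_inventory(SAMPLE_INVENTORY)
    for host in triage["affected"]:
        version = dict(SAMPLE_INVENTORY)[host]
        low, high = affected_range(version)
        print(f"{host}: {version} is inside affected range {low}-{high}")
    for host in triage["unknown"]:
        print(f"{host}: version string not recognised, review manually")
```

Feed the script your own export of host/version pairs in place of SAMPLE_INVENTORY; the "affected" list is the patch queue and the "unknown" list is the set of systems whose version must be confirmed by hand.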

Mitigation & Remediation

Organizations should prioritize patching this vulnerability to prevent unauthorized access to data. The appropriate patches can be obtained from the vendor's advisory. For those unable to apply patches immediately, it is recommended to implement strict network controls and monitor access to the Primavera P6 system.

Detection Guidance

Monitoring Primavera P6 logs for unusual access patterns and behavioral anomalies can help detect exploitation attempts. Organizations should also establish network signatures that identify unauthorized access to the system over HTTP.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-21526 is that it underlines the need for a robust vulnerability management program. It is one of a broader pattern of vulnerabilities that require user interaction for exploitation, which highlights the importance of user awareness training. Security teams should prioritize understanding the attack vectors associated with such vulnerabilities.

Moreover, organizations should consider continuous penetration testing to proactively identify and remediate similar vulnerabilities before they can be exploited. For more information on how to establish a comprehensive security strategy, organizations can refer to our resources on vulnerability management programs and penetration testing strategies.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
