CVE-2025-30724 refers to a high-severity vulnerability in the Oracle BI Publisher product of Oracle Analytics, specifically within its XML Services component. The vulnerability is classified as easily exploitable, allowing unauthenticated attackers with network access via HTTP to compromise Oracle BI Publisher. With a CVSS score of 7.5, this vulnerability poses significant risks to organizations using the affected software versions, namely 7.6.0.0.0 and 12.2.1.4.0. Successful exploitation can lead to unauthorized access to critical data or even complete access to all data accessible through Oracle BI Publisher.
Risk to organizations includes potential exposure of sensitive information, which could have serious implications for business operations and compliance with data protection regulations. Given the high exploitability of this vulnerability, organizations should prioritize patching immediately. The urgency is underscored by the fact that attackers could leverage this flaw to gain access to critical data without requiring any authentication.
This vulnerability has not been observed in high-profile attacks, but its potential for exploitation remains a significant concern. Oracle has advised organizations to review their systems for the affected versions and apply necessary patches as soon as possible.
Organizations should also consider conducting regular security assessments to identify and address similar vulnerabilities proactively. The overall impact of this vulnerability on organizational security posture can be mitigated through timely and effective remediation.
Vulnerability Details
The official description of CVE-2025-30724 from Oracle indicates that the vulnerability is found in the Oracle BI Publisher product, which is part of Oracle Analytics. The affected versions are 7.6.0.0.0 and 12.2.1.4.0. This vulnerability allows an unauthenticated attacker with network access to compromise the Oracle BI Publisher application.
The CVSS score for this vulnerability is 7.5, indicating a high level of risk. This score is primarily due to the potential confidentiality impact, as successful attacks can lead to unauthorized access to sensitive data. The CVSS vector string is: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
The vulnerability is classified under CWE-200, which denotes the exposure of sensitive information. This classification further emphasizes the importance of addressing this vulnerability swiftly.
Technical Analysis
The root cause of CVE-2025-30724 lies in the lack of proper authentication mechanisms within the Oracle BI Publisher product, particularly in its XML Services component. This allows an attacker to exploit the vulnerability remotely.
The attack vector is classified as network-based, meaning that the vulnerability can be exploited by an attacker who has network access to the affected system. The attack complexity is low, as it does not require any special conditions to be met for exploitation.
No privileges are required for exploitation, and user interaction is not needed, making this vulnerability particularly dangerous. The confidentiality impact is high, as attackers may access sensitive data, while integrity and availability impacts are rated as none.
Risk & Impact Analysis
The real-world risk posed by CVE-2025-30724 is significant. Organizations utilizing Oracle BI Publisher are exposed to potential data breaches that could lead to unauthorized access to critical information. The vulnerability's high exploitability factor means that attackers could potentially compromise systems quickly and with minimal effort.
Given the nature of the data often processed by BI Publisher, the consequences could extend beyond immediate financial losses, affecting customer trust and regulatory compliance. Organizations should assess their deployment of Oracle BI Publisher and evaluate the potential blast radius of this vulnerability.
With the CVSS score of 7.5, the urgency for organizations to address this vulnerability is high. Organizations should prioritize remediation efforts and ensure that all systems are updated to the latest versions to mitigate risks associated with this vulnerability.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions of Oracle BI Publisher are 7.6.0.0.0 and 12.2.1.4.0. Organizations should confirm whether either version is deployed in their environment so they can address the exposure.
Mitigation & Remediation
Organizations are advised to apply patches provided by Oracle to remediate this vulnerability. Specifically, the latest updates to the Oracle BI Publisher should be installed to mitigate risks. If patches are not available, organizations should implement workarounds such as restricting network access to the affected systems while monitoring for any suspicious activity.
For those unable to apply patches immediately, it is recommended to conduct a thorough security assessment and consider options for application security assessments to identify and mitigate potential weaknesses in their systems.
Detection Guidance
To detect attempts to exploit this vulnerability, organizations should monitor logs for unusual access patterns to the Oracle BI Publisher. Indicators of compromise may include unauthorized access attempts or unusual data access requests. Behavioral anomalies in user activity should also be flagged for further investigation.
AppSecure Threat Intelligence Insight
The long-term significance of CVE-2025-30724 highlights the ongoing challenges organizations face in securing their systems against unauthorized access. This vulnerability represents a trend toward increased exploitation of weaknesses in widely used enterprise software.
Security teams should take this as a reminder to implement robust security practices, including regular updates and security assessments to maintain a strong security posture. The lessons learned from this vulnerability can help inform future security strategies.
For more information on securing Oracle environments, organizations may benefit from resources on Oracle security assessments and best practices for mitigating vulnerabilities effectively.
Additionally, organizations should consider comprehensive security testing, such as penetration testing methodologies, to identify and address vulnerabilities before they can be exploited.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.