Lucene search
K

Oracle Coherence (October 2025 CPU)

🗓️ 23 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 4 Views

Oracle Coherence versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 are affected by CVE-2025-55163 enabling unauthenticated HTTP/2 access and denial of service.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin:Vulnerability in Netty affects IBM Netezza Appliance
17 Dec 202513:22
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http2-4.1.118.Final.jar
4 Feb 202618:39
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Event Processing
30 Dec 202512:59
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server
10 Feb 202603:19
ibm
IBM Security Bulletins
Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities
1 Dec 202516:17
ibm
IBM Security Bulletins
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2 (CVE-2025-58056, CVE-2025-58057, CVE-2025-55163)
29 Jan 202615:17
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
22 Jan 202604:58
ibm
IBM Security Bulletins
Security Bulletin: There is a vulnerability in netty-codec-http2-4.1.115.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-55163)
10 Nov 202507:12
ibm
IBM Security Bulletins
Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).
20 Sep 202500:57
ibm
IBM Security Bulletins
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to a deny of service attack due to the Netty package (CVE-2025-55163)
29 Oct 202518:27
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(271248);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/26");

  script_cve_id("CVE-2025-55163");
  script_xref(name:"IAVA", value:"2025-A-0789");
  script_xref(name:"IAVA", value:"2026-A-0069");

  script_name(english:"Oracle Coherence (October 2025 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 versions of Coherence installed on the remote host are affected by a
vulnerability as referenced in the October 2025 CPU advisory.

  - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Third Party 
    (Netty)). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily 
    exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise 
    Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a 
    hang or frequently repeatable crash (complete DOS) of Oracle Coherence. (CVE-2025-55163)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpuoct2025csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpuoct2025.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-55163");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:coherence");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_coherence_installed.nbin");
  script_require_keys("installed_sw/Oracle Coherence");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Oracle Coherence');

var constraints = [
  { 'min_version' : '12.2.1.4.0', 'fixed_version' : '12.2.1.4.27' },
  { 'min_version' : '14.1.1.0.0', 'fixed_version' : '14.1.1.0.23' },
  { 'min_version' : '14.1.2.0.0', 'fixed_version' : '14.1.2.0.4' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Jan 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.17.5
CVSS 48.2
EPSS0.00979
SSVC
4