Lucene search
K

Oracle E-Business Suite (July 2025 CPU)

🗓️ 03 Oct 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 7 Views

Oracle E-Business Suite July 2025 CPU fixes CVEs in CRM Foundation, Mobile Field Service, and Work Queue.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2025-50105
15 Jul 202519:27
attackerkb
BDU FSTEC
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module. The Oracle E-Business Suite technical foundation for automating business processes, allowing attackers to gain access to read, modify, and delete information.
17 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Multiplatform Sync Errors component of the Oracle Mobile Field Service management platform, a system for automating business operations within the Oracle E-Business Suite. This component allows attackers to gain access to read, modify, and delete information.
17 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Device Integration component of the Oracle MES for Process Manufacturing software solution, which is part of the Oracle E-Business Suite. This component allows a malicious individual to gain access to read, modify, and delete data.
21 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Internal Operations component of the Oracle Lease and Finance Management system, a business automation solution, allows a perpetrator to gain access to read, modify, and delete information.
21 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Shopping Cart component of the Oracle iStore system, which is used for creating, managing, and personalizing online stores. This vulnerability exists in the Oracle E-Business Suite, a software solution for automating business operations. This vulnerability allows attackers to gain access to read, modify, and delete information.
21 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Work Provider Administration component of the application for accessing, organizing, and interacting with various types of work in the Oracle Universal Work Queue system—a business automation solution from Oracle E-Business Suite—allows a malicious actor to gain access to read, modify, add, or delete data.
23 Jul 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Personalization component of the Oracle Applications Framework allows a perpetrator to gain unauthorized access to modify, read, and delete protected information.
13 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the application’s request handling component relates to access, organization, and interaction with various types of Oracle Universal Work Queue tasks. This allows attackers to gain unauthorized access to modify, read, and delete protected information.
13 Aug 202500:00
bdu_fstec
BDU FSTEC
The vulnerability of the Web Utilities component of the Oracle Applications Framework software platform allows a perpetrator to gain unauthorized access to modify, read, and delete protected information.
13 Aug 202500:00
bdu_fstec
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(266466);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");

  script_cve_id(
    "CVE-2025-30739",
    "CVE-2025-30743",
    "CVE-2025-30744",
    "CVE-2025-30745",
    "CVE-2025-30746",
    "CVE-2025-50071",
    "CVE-2025-50090",
    "CVE-2025-50105",
    "CVE-2025-50107"
  );
  script_xref(name:"IAVA", value:"2025-A-0513-S");

  script_name(english:"Oracle E-Business Suite (July 2025 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as
referenced in the July 2025 CPU advisory.

  - Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite 
    (component: Preferences). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable 
    vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle CRM 
    Technical Foundation. While the vulnerability is in Oracle CRM Technical Foundation, attacks may 
    significantly impact additional products (scope change). Successful attacks of this vulnerability can 
    result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation 
    accessible data as well as unauthorized read access to a subset of Oracle CRM Technical Foundation 
    accessible data. (CVE-2025-30739)

  - Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite 
    (component: Multiplatform Sync Errors). Supported versions that are affected are 12.2.3-12.2.13. Easily 
    exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle 
    Mobile Field Service. Successful attacks of this vulnerability can result in unauthorized creation, 
    deletion or modification access to critical data or all Oracle Mobile Field Service accessible data as 
    well as unauthorized access to critical data or complete access to all Oracle Mobile Field Service 
    accessible data. (CVE-2025-30744)

  - Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Request 
    handling). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability 
    allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. 
    Successful attacks require human interaction from a person other than the attacker and while the 
    vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products 
    (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or 
    delete access to some of Oracle Universal Work Queue accessible data as well as unauthorized read access 
    to a subset of Oracle Universal Work Queue accessible data. (CVE-2025-50107)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/docs/tech/security-alerts/cpujul2025csaf.json");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujul2025.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the July 2025 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-30744");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:e-business_suite");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_e-business_query_patch_info.nbin");
  script_require_keys("Oracle/E-Business/Version", "Oracle/E-Business/patches/installed");

  exit(0);
}

include('vcf_extras_oracle.inc');

var app_info = vcf::oracle_ebusiness::get_app_info();

var constraints = [
  { 'min_version' : '12.2.3',  'max_version' :'12.2.3.999999', 'fix_patches' : '37923872, 36957442, 27120099, 32636352, 27429118'},
  { 'min_version' : '12.2.4',  'max_version' :'12.2.4.999999', 'fix_patches' : '37923872, 37902186, 37078798, 37327694, 34979060, 32750949, 27120099, 32636352, 27429118'},
  { 'min_version' : '12.2.5',  'max_version' :'12.2.5.999999', 'fix_patches' : '37923872, 38056364, 37902383, 37078813, 37620005, 37327694, 36949119, 37120399, 34979060, 32750949, 36453170'},
  { 'min_version' : '12.2.6',  'max_version' :'12.2.6.999999', 'fix_patches' : '37923872, 38056373, 37902398, 37078823, 37620005, 37327694, 37078910, 25380324, 37078823, 37033978, 37620005, 37327694, 37120430, 34979060, 25229413, 36560216, 34870379'},
  { 'min_version' : '12.2.7',  'max_version' :'12.2.7.999999', 'fix_patches' : '37531055, 37078911, 36560216, 34870379, 35362524, 34979060, 36560216, 37078836, 37120448, 25229413, 37620005, 37327694, 37614928, 37424919' },
  { 'min_version' : '12.2.8',  'max_version' :'12.2.8.999999', 'fix_patches' : '37923872, 38056382, 37902519, 37078843, 37620005, 37327694, 37078912, 37120448, 35362524, 34979060, 36560216, 34870379, 33623398'},
  { 'min_version' : '12.2.9',  'max_version' :'12.2.9.999999', 'fix_patches' : '37923872, 38050166, 37902526, 37078855, 37620005, 37327694, 37078914, 37120463, 35362524, 34979060, 33457157, 30448458'},
  { 'min_version' : '12.2.10', 'max_version' :'12.2.10.999999', 'fix_patches' : '37923872, 36111966, 38050166, 37902533, 36075627, 37078877, 37620005, 37327694, 37078915, 37120482, 35362524, 34979060, 33457157, 30448458'},
  { 'min_version' : '12.2.11', 'max_version' :'12.2.11.999999', 'fix_patches' : '37923872, 36111966, 38050166, 37902539, 36075627, 37078884, 37620005, 37327694, 37078917, 37120482, 35362524, 34979060, 33457157, 30448458'},
  { 'min_version' : '12.2.12', 'max_version' :'12.2.12.999999', 'fix_patches' : '37923872, 36569441, 36111966, 38050166, 37902545, 36075627, 37078893, 37620005, 37327694, 37078919, 37120495, 35362524, 34979060, 33457157, 30448458, 37288039'},
  { 'min_version' : '12.2.13', 'max_version' :'12.2.13.999999', 'fix_patches' : '37923872, 36097561, 36569441, 38050166, 37902555, 37078895, 37620005, 37327694, 37078943, 34979060, 33457157, 30448458, 37287000'},
  { 'min_version' : '12.2.14', 'max_version' :'12.2.14.999999', 'fix_patches' : '37923872, 38050166, 37068559, 34979060, 33457157, 30448458'},
  { 'min_version' : '12.2.15', 'max_version' :'12.2.15.999999', 'fix_patches' : '37923872, 33457157, 30448458' }
];

vcf::oracle_ebusiness::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, fix_date:'202507');


Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2026 00:00Current
7.3High risk
Vulners AI Score7.3
CVSS 3.18.1
EPSS0.00342
SSVC
7