Oracle NoSQL Database (January 2026 CPU)

🗓️ 30 Jan 2026 00:00:00Reported by TenableType

Oracle NoSQL Database versions 1.5 and 1.6 are vulnerable to CVE-2025-30065 via Apache Parquet Java administration.

Reporter	Title	Published	Views	Family All 54
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL	23 Jan 202610:25	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera.	17 Jun 202514:53	–	ibm
IBM Security Bulletins	Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in the parquet-avro module of Apache Parquet (CVE-2025-30065)	30 May 202512:38	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera	21 Aug 202519:56	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Parquet Common Vulnerability reported in Cloudera offerings with IBM. Fixes available from Cloudera	21 Jul 202515:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to tampering and elevation of privilege (CVE-2025-30065) due to the use of IBM Db2	21 Jul 202523:55	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Parquet vulnerabilities affect watsonx.data	20 Jun 202505:37	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® federated server is affected by a vulnerability in Apache Parquet (CVE-2025-30065).	23 Jul 202514:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.	5 Dec 202513:42	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.	18 Jul 202508:11	–	ibm

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2026.html
oracle	www.oracle.com/security-alerts/cpujan2026.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(297223);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/03");

  script_cve_id("CVE-2025-30065");

  script_name(english:"Oracle NoSQL Database (January 2026 CPU)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a vulnerability");
  script_set_attribute(attribute:"description", value:
"The 1.5 and 1.6 versions of NoSQL Database installed on the remote host are affected by a vulnerability as referenced in
the January 2026 CPU advisory.

  - Vulnerability in Oracle NoSQL Database (component: Administration (Apache Parquet Java)). Supported
    versions that are affected are 1.5 and 1.6. Difficult to exploit vulnerability allows low privileged
    attacker with logon to the infrastructure where Oracle NoSQL Database executes to compromise Oracle NoSQL
    Database. Successful attacks of this vulnerability can result in takeover of Oracle NoSQL Database.
    (CVE-2025-30065)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2026.html#AppendixNSQL");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/security-alerts/cpujan2026.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2026 Oracle Critical Patch Update advisory.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-30065");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:oracle:nosql_database");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_nosql_nix_installed.nbin");
  script_require_keys("installed_sw/Oracle NoSQL Database");

  exit(0);
}


include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'Oracle NoSQL Database', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '25.3.21'}
      ]
    }
  ]
};

var res = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:res);

03 Feb 2026 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 3.19.8

CVSS 410

EPSS0.00378

SSVC