A vulnerability has been officially registered as JVNDB-2025-017902, affecting the Oracle Financial Services Analytical Applications Infrastructure component within Oracle Financial Services Applications. The issue is identified as a flaw related to System Configuration.

Vulnerability Details and Impact

The vulnerability exists within the System Configuration component of Oracle Financial Services Analytical Applications Infrastructure. According to the vulnerability report, this issue allows an unauthenticated attacker with network access via HTTP to compromise the system. This can result in an unauthorized ability to cause a complete takeover of the Oracle Financial Services Analytical Applications Infrastructure, including unauthorized access to all accessible data. The Common Vulnerability Scoring System (CVSS) v3.0 assigns this issue a base score of 9.8 (Critical). The CVSS vector string is reported as (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Versions and Solution

The specific versions of Oracle Financial Services Analytical Applications Infrastructure affected by this vulnerability are 8.1.1.0.0 through 8.1.2.4.0. Oracle, the developer, has addressed this vulnerability and released security updates. Users and administrators of the affected software are advised to apply the patches provided by Oracle to mitigate the risk. It is recommended to consult the information provided by the developer for the most current and detailed instructions on applying the necessary updates.

Source: http://vrda.jpcert.or.jp/feed/ja/JVNiPedia_JVNDB-2025-017902_AD_1.html