CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-21554

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.9%

CVSS Severity

CVSS v3 Score 5.3

References

https://www.oracle.com/security-alerts/cpujan2025.html

Products affected by CVE-2025-21554

Oracle » Communications Order And Service Management » Version: 7.4.0

cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0
Oracle » Communications Order And Service Management » Version: 7.4.1

cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1
Oracle » Communications Order And Service Management » Version: 7.5.0

cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-21554

Products

Pricing

Contact Us