CVE-2025-21552

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1390
View all →

Vulnerability Description

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Related Vulnerabilities

CVE-2023-24890

MEDIUM
CVSS:6.5(Medium)

Microsoft OneDrive for iOS Security Feature Bypass Vulnerability

CWE-13902023

CVE-2024-41722

MEDIUM
CVSS:6.5(Medium)

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. ...

CWE-13902024

CVE-2025-26635

MEDIUM
CVSS:6.5(Medium)

Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.

CWE-13902025

CVE-2025-32885

MEDIUM
CVSS:6.5(Medium)

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via...

CWE-13902025

CVE-2024-45551

MEDIUM
CVSS:6.2(Medium)

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.

CWE-13902024

CVE-2025-24070

HIGH
CVSS:7.0(High)

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

CWE-13902025