{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-30756","assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","state":"PUBLISHED","assignerShortName":"oracle","dateReserved":"2025-03-26T05:52:18.814Z","datePublished":"2025-07-15T19:27:31.291Z","dateUpdated":"2025-07-16T15:04:45.457Z"},"containers":{"cna":{"providerMetadata":{"orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle","dateUpdated":"2025-07-15T19:27:31.291Z"},"problemTypes":[{"descriptions":[{"lang":"en-US","description":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data as well as  unauthorized read access to a subset of Oracle REST Data Services accessible data."}]}],"affected":[{"vendor":"Oracle Corporation","product":"Oracle REST Data Services","versions":[{"version":"24.2.0","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"}]}]}],"descriptions":[{"lang":"en-US","value":"Vulnerability in Oracle REST Data Services (component: General).   The supported version that is affected is 24.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle REST Data Services.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle REST Data Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle REST Data Services accessible data as well as  unauthorized read access to a subset of Oracle REST Data Services accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."}],"references":[{"url":"https://www.oracle.com/security-alerts/cpujul2025.html","name":"Oracle Advisory","tags":["vendor-advisory"]}],"metrics":[{"cvssV3_1":{"attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM"}}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-352","lang":"en","description":"CWE-352 Cross-Site Request Forgery (CSRF)"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-16T15:04:39.944119Z","id":"CVE-2025-30756","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-16T15:04:45.457Z"}}]}}