{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-62290","assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","state":"PUBLISHED","assignerShortName":"oracle","dateReserved":"2025-10-09T23:08:43.178Z","datePublished":"2025-10-21T20:03:16.439Z","dateUpdated":"2026-02-26T16:57:17.529Z"},"containers":{"cna":{"providerMetadata":{"orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle","dateUpdated":"2025-10-21T20:03:16.439Z"},"problemTypes":[{"descriptions":[{"lang":"en-US","description":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit."}]}],"affected":[{"vendor":"Oracle Corporation","product":"Oracle ZFS Storage Appliance Kit","versions":[{"version":"8.8","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"}]}]}],"descriptions":[{"lang":"en-US","value":"Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage).   The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}],"references":[{"url":"https://www.oracle.com/security-alerts/cpuoct2025.html","name":"Oracle Advisory","tags":["vendor-advisory"]}],"metrics":[{"cvssV3_1":{"attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-62290","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-10-23T03:55:27.649627Z"}}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-284","description":"CWE-284 Improper Access Control"}]}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:57:17.529Z"}}]}}