Oracle Agile PLM Framework (Supply Chain) v9.3.6 - Privilege Escalation via Unspecified Means (CVE-2025-21556)

Description

Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change).

Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM Framework.

Affected Product Versions:

Oracle Agile PLM Framework (Supply Chain) v9.3.6

Remediation

Update to the latest version.

References

https://www.oracle.com/security-alerts/cpujan2025.html

Risk

Impact: Critical
Probability: Critical
CVSS v4 Score: —
CVSS v3 Score: 9.9 / 10
CVSS v2 Score: 9 / 10
EPSS: 0.1 %

Versions

Affected Versions

Information

Category: —
CWE
CVE
Known Exploitation Activity

OWASP

OWASP 2013: Unknown
OWASP 2017: Unknown
OWASP 2021: Unknown