CVE-2025-50067 – Oracle Application Express Strategic Planner Starter App HTTP Takeover Vulnerability

July 16, 2025

CVE ID : CVE-2025-50067

Published : July 15, 2025, 8:15 p.m. | 6 hours, 44 minutes ago

Description : Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Application Express. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50105 – Oracle Universal Work Queue HTTP Unauthorized Access and Data Manipulation

Next Article CVE-2025-50062 – Oracle PeopleSoft Global Payroll Core HTTP Low Privilege Remote Unauthorized Access and Data Modification Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-50067 – Oracle Application Express Strategic Planner Starter App HTTP Takeover Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-5272 – Firefox Memory Corruption Vulnerability

CVE-2025-27817 – Apache Kafka Client Arbitrary File Read and SSRF Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

CVE-2025-43844 – Apache Retrieval-Based Voice Conversion WebUI Command Injection Vulnerability

Seriot – serial monitor and serial plotter

All You Need to Know About Sildenafil: Uses, Benefits, and Precautions

How to Document Governing Procedures for Open-Source Communities

CVE-2025-4378 – Ataturk University ATA-AOF Mobile Application Cleartext Transmission and Hard-coded Credentials Vulnerability

CVE-2025-50067 – Oracle Application Express Strategic Planner Starter App HTTP Takeover Vulnerability

Related Posts