Oracle Database Takeover Vulnerability for Low Privileged Users

Vulnerability

A vulnerability has been identified in the Oracle Database component of Oracle Database Server, specifically in versions 19.3 through 19.27 and 23.4 through 23.8. This easily exploitable vulnerability allows a low privileged attacker with Create Session and Create Procedure privileges, and network access via Oracle Net, to compromise the Oracle Database. Successful exploitation can lead to a complete takeover of the database.

Impact

Exploitation of this vulnerability can result in the unauthorized takeover of the Oracle Database.

Added: Jul 15, 2025, 11:17 PM

Updated: Jul 15, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

4.9

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Database Takeover Vulnerability for Low Privileged Users

Vulnerability

Impact

Affected Products

Oracle Database

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating