OceanBase Privilege Escalation Vulnerability in Oracle Tenant Mode

Vulnerability

A vulnerability allowing privilege escalation to SYS-level access has been identified in OceanBase's Oracle tenant mode. This issue arises when a malicious user with specific privileges executes carefully crafted commands. Tenants in MySQL mode are not affected.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to SYS-level access within the affected OceanBase tenant.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OceanBase Privilege Escalation Vulnerability in Oracle Tenant Mode

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating