Primary

Context

Oracle Hyperion Planning and Budgeting Cloud Service EPM Agent Vulnerability Allowing Unauthorized Data Modification

Vulnerability

A vulnerability exists in the Oracle Planning and Budgeting Cloud Service component of Oracle Hyperion, specifically in version 25.04.07. This easily exploitable vulnerability allows a high-privileged attacker with access to the infrastructure where the service runs to compromise the application. Successful exploitation, which requires human interaction from a third party, can lead to unauthorized creation, deletion, or modification of critical data, or any data accessible within Oracle Planning and Budgeting Cloud Service.

Impact

Exploitation of this vulnerability could result in unauthorized changes to critical data or all data accessible within Oracle Planning and Budgeting Cloud Service.

Remediation

Users are advised to update the EPM Agent. For more information on downloading the EPM Agent, please refer to the Oracle documentation.

Added: Jan 20, 2026, 11:35 PM

Updated: Jan 20, 2026, 11:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.1

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.1

remediation

0.0

relevance

2.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle Hyperion Planning and Budgeting Cloud Service EPM Agent Vulnerability Allowing Unauthorized Data Modification

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating