ORACLE-CVE-2025-9900

Vulnerability Description:

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security (LibTIFF)). The supported version that is affected is 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle AutoVue. Note: This vulnerability applies to Oracle AutoVue Office, Oracle AutoVue 2D Professional, Oracle AutoVue 3D Professional Advanced, Oracle AutoVue EDA Professional and Oracle AutoVue Electro-Mechanical Professional. Please refer to Patch Availability Document for more details. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).Vulnerability Description:

Security-in-Depth issue in Oracle Blockchain Platform (component: BCS Console (LibTIFF)). This vulnerability cannot be exploited in the context of this product.Vulnerability Description:

Vulnerability in the Oracle Communications Cloud Native Core Network Repository Function product of Oracle Communications (component: Signaling (LibTIFF)). The supported version that is affected is 25.1.204. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Cloud Native Core Network Repository Function. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Communications Cloud Native Core Network Repository Function. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).Vulnerability Description:

Vulnerability in the Oracle Communications Cloud Native Core Network Slice Selection Function product of Oracle...