CVE-2025-21547CRITICAL 9.1EPSS p41.5%

CVE-2025-21547CVE-2025-21547

Description

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.55% probability of exploitation · percentile 41.5% · 2026-06-18T12:00:27Z
Published2025-01-21
Last modified2025-06-23

Underlying weaknesses· 1

CWE-400

References

  1. https://www.oracle.com/security-alerts/cpujan2025.html

1

TypeTargetConfidenceTier
WeaknessUncontrolled Resource Consumptioncwe-4000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-21967
CVE
CVE-2025-21516
CVE
CVE-2025-21556
CVE
CVE-2025-21506
CVE
CVE-2025-21535
CVE
CVE-2025-21564
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.