CVE-2025-62289

EUVD-2025-35225

21.10.2025, 20:20

Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems).   The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
oracle	CNA	4.9 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Affected Products (NVD)

Vendor	Product	Version
oracle	zfs_storage_appliance_kit	8.8

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-267 - Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

References

https://www.oracle.com/security-alerts/cpuoct2025.html