Oracle DB Server - Portable Clusterware Unauth Read via Bonjour (19.3-23.9)
CVE-2025-53047 Published on October 21, 2025
Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Portable Clusterware accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).
Vulnerability Analysis
CVE-2025-53047 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-53047 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-53047
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-53047 are published in these products:
Affected Versions
Oracle Corporation Oracle Database Server:- Version 19.3, <= 19.28 is affected.
- Version 21.3, <= 21.19 is affected.
- Version 23.4, <= 23.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.