¡¾Îó²îͨ¸æ¡¿Oracle Scripting iSurveyÄ£¿£¿éÔ¶³Ì´úÂëÖ´ÐÐÎó²î(CVE-2025-30727)

Ðû²¼Ê±¼ä 2025-04-16

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

Oracle Scripting iSurveyÄ£¿£¿éÔ¶³Ì´úÂëÖ´ÐÐÎó²î

CVE   ID

CVE-2025-30727

Îó²îÀàÐÍ

´úÂëÖ´ÐÐ

·¢Ã÷ʱ¼ä

2025-04-16

Îó²îÆÀ·Ö

9.8

Îó²îÆ·¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

²»ÐèÒª

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

δ·¢Ã÷


Oracle ScriptingÊÇOracle E-Business SuiteÖеÄÒ»¸ö×é¼þ£¬£¬£¬ÓÃÓÚ½¨ÉèºÍÖÎÀíÔÚÏßÊӲ졢±íµ¥¼°¶¯Ì¬¾ç±¾¡£¡£ËüÔÊÐíÆóҵͨ¹ý¿É¶¨ÖÆµÄ¾ç±¾ÍøÂçÓû§Êý¾Ý£¬£¬£¬Ö§³ÖÓªÒµÁ÷³Ì×Ô¶¯»¯ºÍ¾öÒéÖ§³Ö¡£¡£Oracle ScriptingÌṩÁËÎÞаµÄÎʾíÉè¼Æ¹¤¾ß£¬£¬£¬Äܹ»ÓëÆäËûE-Business SuiteÄ£¿£¿é¼¯³É£¬£¬£¬ÊµÏÖÊý¾ÝµÄ×Ô¶¯»¯ÍøÂçÓë´¦Öóͷ£¡£¡£¸ÃÄ£¿£¿éÆÕ±éÓ¦ÓÃÓÚ¿Í»§ÊӲ졢·´ÏìÍøÂç¡¢ºÏ¹æÐÔÆÀ¹ÀµÈ³¡¾°¡£¡£


2025Äê4ÔÂ16ÈÕ£¬£¬£¬ÈËÉú¾ÍÊDz©¼¯ÍÅVSRC¼à²âµ½OracleÐû²¼µÄCVE-2025-30727Ç徲ͨ¸æ¡£¡£Í¨¸æÖ¸³ö£¬£¬£¬Oracle E-Business Suite µÄ Oracle Scripting ²úÆ·£¨×é¼þ£ºiSurvey Module£©±£´æÒ»ÏîÑÏÖØÎó²î£¬£¬£¬Î´ÈÏÖ¤µÄ¹¥»÷Õß¿Éͨ¹ýHTTPÍøÂç»á¼ûÔ¶³ÌʹÓøÃÎó²î£¬£¬£¬¿ÉÄܵ¼ÖÂOracle ScriptingÔâµ½¿ØÖÆ¡£¡£ÀÖ³ÉʹÓôËÎó²îµÄ¹¥»÷¿ÉÄܵ¼ÖÂOracle Scripting±»ÍêÈ«¹¥ÏÝ¡£¡£Îó²îÆÀ·Ö9.8·Ö£¬£¬£¬Îó²î¼¶±ðΪÑÏÖØ¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


12.2.3 ¡Ü Oracle E-Business Suite ¡Ü 12.2.14


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


¹Ù·½ÒÑÐû²¼Çå¾²²¹¶¡£¬£¬£¬½¨ÒéÊÜÓ°ÏìÓû§¾¡¿ì¸üС£¡£


ÏÂÔØÁ´½Ó£ºhttps://www.oracle.com/security-alerts/cpuapr2025.html/


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£
ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£
ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£
ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔ­Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏÞ¶È¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£


3.4 ²Î¿¼Á´½Ó


https://www.oracle.com/security-alerts/cpuapr2025.html
https://nvd.nist.gov/vuln/detail/CVE-2025-30727