CVE-2025-21557
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
We have discovered 18 live websites that are affected by CVE-2025-21557.
Affected Software
| Product |  Oracle APEX |
| Category | Landing Page Builders |
| Vulnerable Domains | 18 live websites (100% of Oracle APEX install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Details
- Published - Jan 21, 2025
- Updated - Feb 4, 2025
CVE References
Website Distribution by Country
Number of websites using CVE-2025-21557 United States | 3 websites |
 India | 2 websites |
 Nigeria | 2 websites |
 Austria | 1 websites |
 Australia | 1 websites |
 Switzerland | 1 websites |
 Denmark | 1 websites |
 Spain | 1 websites |
 Croatia | 1 websites |
 Mexico | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-21557| .com | 6 websites |
| .at | 1 websites |
| .com.au | 1 websites |
| .dk | 1 websites |
| .es | 1 websites |
| .net | 1 websites |
| .pl | 1 websites |
| .se | 1 websites |
Websites affected by CVE-2025-21557
Top websites that are affected by CVE-2025-21557. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.com | India | **,***,*** | |
| ******.com | United States | **,***,*** | |
| **************.************.se |  Sweden | **,***,*** | |
| ********.pt |  Portugal | **,***,*** | |
| **.****.***.ps |  Palestine | **,***,*** | |
| **.*****.pl | Switzerland | **,***,*** | |
| ********.*******.com | United States | **,***,*** | |
| **.*****.at | Austria | **,***,*** | |
| ****.*******.com | Nigeria | **,***,*** | |
| ****.******.es | Spain | **,***,*** |
FAQ
A total of 18 websites have been identified as vulnerable to CVE-2025-21557, based on global website indexing conducted by WebTechSurvey.
The Oracle APEX is affected by the CVE-2025-21557 vulnerability.
Oracle APEX versions up to and including 24.1 are vulnerable to CVE-2025-21557.