SB20260120167 - Multiple vulnerabilities in Siebel CRM Cloud Applications
Published: January 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Incorrect calculation (CVE-ID: CVE-2025-5372)
The vulnerability allows a remote user to perform MitM attack.
The vulnerability exist due to incorrect calculation within the ssh_kdf() function responsible for key derivation when built with OpenSSL versions older than 3.0. A remote user can compromise the integrity of the SSH session.
2) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2025-53643)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to not parsing trailer sections of an HTTP request. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
3) Improper input validation (CVE-ID: CVE-2025-53547)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Configuration (Helm) component in Oracle Communications Cloud Native Core Network Function Cloud Native Environment. A local non-authenticated attacker can exploit this vulnerability to execute arbitrary code.
4) Buffer overflow (CVE-ID: CVE-2025-6965)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing aggregated terms. A remote attacker can pass specially crafted input to the application where the number of aggregate terms exceeds the number of columns available, trigger memory corruption and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.