Impact
The flaw in Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit version 0.3.0 allows an unauthenticated attacker to send specially crafted HTTP requests to the application’s desktop component. This missing access control, identified as CWE‑284, leads to full compromise of the system, enabling the attacker to execute arbitrary code, read or delete confidential data, and permanently disrupt service availability. The vulnerability carries a CVSS 3.1 base score of 9.8, indicating critical severity with high impacts on confidentiality, integrity, and availability.
Affected Systems
Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit from Oracle Corporation is the only product listed as affected. The specific vulnerable release is 0.3.0, part of the Oracle Open Source Projects suite, and the issue is limited to the desktop component of the toolkit.
Risk and Exploitability
The CVSS score of 9.8 marks this issue as critical. Its EPSS score of less than 1% indicates a low estimated likelihood of exploitation at present, but the potential for a successful attack remains high once an attacker has network access to the application. The flaw is not currently listed in CISA’s KEV catalog, but its lack of authentication and the ability to achieve remote code execution make it a high‑risk vulnerability. Based on the description, the likely attack vector is the exposed HTTP interface: the flaw is exploitable from any network that can reach the application’s HTTP port.
OpenCVE Enrichment