Impact
Oracle OCI CLI version 3.77 contains a path-handling flaw in its import operations: a file path supplied as part of an import is not confined to the intended directory, so the CLI can create or overwrite files at locations the input controls. This uncontrolled file placement amounts to an arbitrary file write on the host running the CLI, which can be used to plant files that later get executed or to tamper with the CLI's own configuration (profiles, key references, endpoint settings). The advisory classifies the flaw as reachable by an unauthenticated network attacker and not mitigated by any authentication check; in practice the trigger is the CLI processing a crafted import, so any party who can get such input in front of the CLI can exploit it, and the result is a loss of integrity on the affected system.
Affected Systems
The flaw affects Oracle Corporation's Oracle OCI CLI, part of the Oracle Open Source Projects, specifically version 3.77. No other versions are documented as impacted. Installations of this version should be treated as vulnerable until upgraded to a release that addresses the issue. The CLI is typically used for cloud infrastructure management, often from automation hosts and CI runners that hold privileged credentials, so the exposure extends to any environment where Oracle OCI CLI 3.77 is installed and can be made to process untrusted import input. The installed version can be confirmed with `oci --version` or `pip show oci-cli`.
Risk and Exploitability
The CVSS base score of 6.1 rates the vulnerability as medium severity. No EPSS score is available, and the flaw is not listed in CISA KEV. The recorded attack vector is network-based with no authentication required. Exploitation consists of issuing an import command with a crafted file path that, after resolution, lands outside the intended directory, causing the CLI to write the supplied content to that arbitrary location. Once the file is in place, it can be used to alter configuration or to stage code for execution. The flaw is simple to trigger and needs no special privileges on the target, so the practical risk is driven by two factors: the privileges of the account that runs the CLI (a root-owned automation host or a runner with write access to system paths is the worst case) and whether that CLI ever processes import inputs that an attacker can influence. Environments that match both should prioritise the upgrade.
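The following is an added illustration of the bug class described above, not code from the Oracle OCI CLI or from the advisory. It contrasts the unsafe pattern (joining a caller-supplied entry name onto the import directory without confinement) with a hardened resolver that resolves the candidate path, follows symlinks, and rejects anything that does not stay beneath the import directory. The function names, the directory layout and the sample import entries are all constructed for the example; the scenario runs entirely inside a throwaway temporary directory so that the "escaped" writes stay contained.

```python
import os
import shutil
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when an import entry would resolve outside the import directory."""


def unsafe_import_path(base_dir: str, entry_name: str) -> str:
    # Vulnerable pattern (hypothetical, not the CLI's code): the entry name is
    # trusted as-is. os.path.join discards base_dir entirely when entry_name is
    # absolute, and '..' segments walk out of base_dir.
    return os.path.join(base_dir, entry_name)


def safe_import_path(base_dir: str, entry_name: str) -> Path:
    # Hardened pattern: resolve both sides to absolute, symlink-free paths and
    # require the candidate to sit strictly below the import directory.
    base = Path(base_dir).resolve()
    candidate = (base / entry_name).resolve()  # absolute entry_name replaces base here
    try:
        candidate.relative_to(base)  # ValueError when candidate is not under base
    except ValueError:
        raise PathTraversalError(f"entry {entry_name!r} escapes {base}") from None
    if candidate == base:
        raise PathTraversalError(f"entry {entry_name!r} resolves to the import directory itself")
    return candidate


def run_demo() -> dict:
    """Constructed scenario: import four entries with both resolvers.

    Returns the paths (relative to the scratch root) written by the unsafe
    resolver, and what the safe resolver wrote or rejected.
    """
    root = Path(tempfile.mkdtemp(prefix="oci-import-demo-")).resolve()
    base = root / "import"
    base.mkdir()
    outside = root / "outside"
    outside.mkdir()

    # A symlink inside the import directory pointing outside it; string-prefix
    # checks miss this case, resolve() does not. Skipped where symlinks are unsupported.
    symlink_supported = True
    try:
        (base / "link").symlink_to(outside, target_is_directory=True)
    except (OSError, NotImplementedError):
        symlink_supported = False

    # Constructed sample entries: (name, data). The absolute entry stays under
    # the scratch root purely so the demo never touches real system paths.
    entries = [
        ("config/profile", b"[DEFAULT]\nregion=us-ashburn-1\n"),
        ("../escaped.txt", b"written outside the import directory\n"),
        (str(root / "absolute.txt"), b"absolute path ignored the base entirely\n"),
    ]
    if symlink_supported:
        entries.append(("link/payload", b"written through a symlink\n"))

    result = {"symlink_supported": symlink_supported,
              "unsafe_written": [], "safe_written": [], "safe_rejected": []}
    try:
        for name, data in entries:
            dest = Path(unsafe_import_path(str(base), name)).resolve()
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(data)
            result["unsafe_written"].append(dest.relative_to(root).as_posix())

        for name, data in entries:
            try:
                dest = safe_import_path(str(base), name)
            except PathTraversalError:
                result["safe_rejected"].append(name)
                continue
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(data)
            result["safe_written"].append(dest.relative_to(root).as_posix())
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return result


if __name__ == "__main__":
    print(run_demo())
```

The containment check is done on fully resolved paths with `relative_to` rather than a string prefix comparison, because a prefix check accepts `/srv/importX` as being inside `/srv/import` and never sees through a symlink. The same shape of check applies to archive extraction, where each member name is the untrusted `entry_name`.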
OpenCVE Enrichment