Impact
Oracle Enterprise Manager Base Platform’s Extensibility Framework contains a flaw that allows a high‑privileged attacker who has already logged on to the host machine to gain complete control of the platform. Once exploited, the attacker can read, modify, and delete any sensitive data and disrupt data collection processes, leading to confidentiality, integrity, and availability loss. This weakness is consistent with improper privilege management and results in a scope change when the platform’s internal components are compromised.
Affected Systems
Oracle Enterprise Manager Base Platform, versions 13.5 and 24.1, as identified by the CNA and listed in the affected‑versions field.
Risk and Exploitability
The CVSS base score of 8.2 denotes high severity, while the EPSS score of less than 1% indicates that, at present, exploitation in the wild is unlikely. The vulnerability is not included in the CISA KEV catalog. The attack requires a local attacker with elevated privileges; an internal threat actor who can gain host-level access can therefore exploit the flaw, potentially taking over the entire platform. No public exploits are reported, but the scope change and the ability to fully compromise the system elevate the risk for affected environments.