CVE-2025-61882
Oracle E-Business Suite Unspecified Vulnerability - [Actively Exploited]
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
INFO
Published Date :
Oct. 5, 2025, 4:15 a.m.
Last Modified :
Oct. 27, 2025, 5:08 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61882
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Consult the Oracle advisory for patch details.
- Apply the recommended security patches.
- Restart affected Oracle services.
Public PoC/Exploit Available at Github
CVE-2025-61882 has a 23 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-61882.
| URL | Resource |
|---|---|
| https://www.oracle.com/security-alerts/alert-cve-2025-61882.html | Vendor Advisory |
| https://blogs.oracle.com/security/post/apply-july-2025-cpu | Vendor Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 | US Government Resource |
| https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ | Press/Media Coverage |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-61882 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-61882
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
Ruby
SSRFHunter
Python
Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyetlerden sorumlu olmayacağım.
CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit
Python
CVE-2025-61882 — Critical Oracle EBS RCE: Analysis & Response
CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit
Python
CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit
Python
Detects Oracle E-Business Suite (CVE-2025-61882). Detection: multi-tier checks — fingerprinting, version checks, endpoint & SSRF tests, timing analysis & controlled exploitation 4 high-confidence results. Default = safe fingerprinting only. Set aggressive=true 2 enable active/probing checks use w/caution. Provided By BattalionX [email protected]
Lua
A critical pre-authentication Remote Code Execution (RCE) flaw in Oracle E-Business Suite (versions 12.2.3 - 12.2.14) allows attackers to gain full control over vulnerable servers via malicious HTTP requests - now actively exploited in the wild.
Python SQL
POC of CVE-2025-61882
Python
None
None
Python
None
Python
CVE-2025-61882
Exploit for CVE-2025-61882 (do not use without any written permission).
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-61882 vulnerability anywhere in the article.
-
CrowdStrike.com
Falcon Shield Evolves with AI Agent Visibility and Falcon Next-Gen SIEM Integration
CrowdStrike Falcon Shield will provide a centralized view of AI agents across applications and now integrates first-party SaaS telemetry into Falcon Next-Gen SIEM. CrowdStrike is introducing two power ... Read more
-
The Register
Barts Health seeks High Court block after Clop pillages NHS trust data
Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop ... Read more
-
BleepingComputer
Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust, a major healthcare provider in England, announced that Clop ransomware actors have stolen files from one of its databases after exploiting a vulnerability in its Oracle E-busin ... Read more
-
CrowdStrike.com
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKS ... Read more
-
BleepingComputer
University of Phoenix discloses data breach after Oracle hack
The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. Founded in ... Read more
-
The Register
University of Pennsylvania joins list of victims from Clop's Oracle EBS raid
The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousan ... Read more
-
BleepingComputer
University of Pennsylvania confirms new data breach after Oracle hack
The University of Pennsylvania (Penn) has announced a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. The private I ... Read more
-
CybersecurityNews
Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’
The 2025 holiday season has unleashed an unprecedented wave of cyber threats, with attackers deploying industrialized infrastructure to exploit the global surge in online commerce. This year’s threat ... Read more
-
The Hacker News
FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account takeove ... Read more
-
BleepingComputer
Dartmouth College confirms data breach after Clop extortion attack
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. The private Ivy L ... Read more
-
CybersecurityNews
Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by th ... Read more
-
BleepingComputer
Cox Enterprises discloses Oracle E-Business Suite data breach
Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Su ... Read more
-
CrowdStrike.com
November 2025 Patch Tuesday: One Zero-Day and Five Critical Vulnerabilities Among 63 CVEs
Microsoft has addressed 63 vulnerabilities in its November 2025 security update release, almost one third from October's record-breaking 172 patches. This month's updates address one actively exploite ... Read more
-
CrowdStrike.com
CrowdStrike Named Overall Leader in 2025 KuppingerCole ITDR Leadership Compass
KuppingerCole recognizes CrowdStrike as the Overall Leader, achieving the top position in every evaluated category in its 2025 identity security report. CrowdStrike has been named the Overall Leader i ... Read more
-
CybersecurityNews
Broadcom Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack
The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom’s internal systems as part of an ongoing exploitation campaign targeting Oracle E-Business Suite vulnerabilities. The hac ... Read more
-
CybersecurityNews
Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack
The notorious Clop ransomware gang has listed Oracle on its dark web leak site, alleging a successful breach of the tech giant’s internal systems. This development is part of a massive extortion campa ... Read more
-
CybersecurityNews
Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations ... Read more
-
The Cyber Express
Logitech Confirms Data Breach Following CL0P Victim Claims
Logitech International S.A. has confirmed that it was hit by a data breach, the company said in an SEC filing late last week. Logitech’s 8-K filing released on Nov. 14 was short on details, but the co ... Read more
-
Help Net Security
Logitech confirms data breach
Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. “While the investigation is ongoing, at thi ... Read more
-
BleepingComputer
Logitech confirms data breach after Clop extortion attack
Hardware accessory giant Logitech has confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July. Logit ... Read more
The following table lists the changes that have been made to the
CVE-2025-61882 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Oct. 27, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 -
Modified Analysis by [email protected]
Oct. 17, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ Types: Press/Media Coverage -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 16, 2025
Action Type Old Value New Value Added CWE CWE-287 Removed CWE CWE-22 Removed CWE CWE-93 Removed CWE CWE-91 Removed CWE CWE-611 Removed CWE CWE-918 Removed CWE CWE-444 Added Reference https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ Removed Reference https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Removed Reference Type https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Types: Exploit, Third Party Advisory -
Modified Analysis by [email protected]
Oct. 07, 2025
Action Type Old Value New Value -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 07, 2025
Action Type Old Value New Value Added CWE CWE-93 Added CWE CWE-91 -
Modified Analysis by [email protected]
Oct. 07, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://blogs.oracle.com/security/post/apply-july-2025-cpu Types: Vendor Advisory Added Reference Type CISA-ADP: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Types: Exploit, Third Party Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Oct. 07, 2025
Action Type Old Value New Value Added Date Added 2025-10-06 Added Due Date 2025-10-27 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Oracle E-Business Suite Unspecified Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 07, 2025
Action Type Old Value New Value Added CWE CWE-22 Added CWE CWE-611 Added CWE CWE-918 Added CWE CWE-444 Removed CWE CWE-284 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 06, 2025
Action Type Old Value New Value Added Reference https://blogs.oracle.com/security/post/apply-july-2025-cpu Added Reference https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ -
Initial Analysis by [email protected]
Oct. 06, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:* versions from (including) 12.2.3 up to (including) 12.2.14 Added Reference Type Oracle: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html Types: Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 06, 2025
Action Type Old Value New Value Added CWE CWE-284 -
New CVE Received by [email protected]
Oct. 05, 2025
Action Type Old Value New Value Added Description Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added Reference https://www.oracle.com/security-alerts/alert-cve-2025-61882.html