CVE ID
CVE-2025-61882
Vulnerability Name
Oracle E-Business Suite Unspecified Vulnerability
- Project: Oracle
- Product: E-Business Suite
Date
- Date Added: 2025-10-06
- Due Date: 2025-10-27
Description
Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61882
Related Security News
- CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
- Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
- American Airlines subsidiary Envoy confirms Oracle data theft attack
- Oracle silently fixes zero-day exploit leaked by ShinyHunters
- Oracles silently fixes zero-day exploit leaked by ShinyHunters
- Oracle releases emergency patch for new E-Business Suite flaw
- Harvard investigating breach linked to Oracle zero-day exploit
- New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
- Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
- CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Top comments (0)