CVE-2025-61882

Analyzed

Published: 05 Oct 2025, 04:15

Last modified:27 Oct 2025, 17:08

Vulnerability Summary

Overall Risk

Critical Risk

85/100

AI Analysis

Emergency

Requires Immediate Action

AI Detection

Active in Wild

Exploitation Detected

CVSS Score

9.8 CRITICAL

CVSS v3.1 (ORACLE)

EPSS Score

84.52% CRITICAL

85% probability 0.00%

CISA KEV

Listed

Oracle

Ransomware

Known Use

Exploits

None found

Dark Web

Activity detected

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Source Identifier: secalert_us@oracle.com

CVSS	Source	Severity	Exploit.	Impact	Vector
v4.0	n/a
v3.1	secalert_us@oracle.com	9.8 CRITICAL	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/U...
v3.0	n/a
v2.0	n/a

77.70%

Current Score

0.00%

99%ile

Percentile Rank

0.00%

Loading chart...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22

Description:The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Improper Authentication CWE-287

Description:When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Vulnerability Name:Oracle E-Business Suite Unspecified Vulnerability

Added to CISA Catalog:06 Oct 2025, 00:00

Action Due:27 Oct 2025, 00:00

Known Ransomware: Ransomware

Required Action:Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Telegram Activity Detected

This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.

No known public exploit code indexed (as of 27 Oct 2025, 17:08).

Exploitation status can change quickly once PoC code appears.

Affected Configurations (CPE)

oracle concurrent_processingVulnerable

Version: *

cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*

URL	Tags	Source
https://blogs.oracle.com/security/post/apply-july-2025-cpu	vendor advisory	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/	exploitthird party advisory	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882	-	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882	us government resource	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/	-	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/	press/media coverage	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html	vendor advisory	secalert_us@oracle.com