CVE-2025-61882

Analyzed
Published: 05 Oct 2025, 03:17
Last modified: 21 Oct 2025, 22:45

Vulnerability Summary

  • Overall Risk (default): high, 70/100
  • CVSS Score: 9.8 CRITICAL, v3.1 (cve.org)
  • EPSS Score: 87.37% CRITICAL, 87% probability +0.49%
  • KEV: Listed (CISA, 1 listing)
  • Ransomware: Known Use
  • Public exploits: 1 found
  • Dark Web: Not detected

Timeline

  • Published (05 Oct 2025, 03:17): Vulnerability first disclosed
  • Added to CISA KEV (06 Oct 2025, 00:00): Oracle E-Business Suite Unspecified Vulnerability
  • Last Modified (21 Oct 2025, 22:45): Vulnerability information updated
  • CISA Remediation Due (27 Oct 2025, 00:00): Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. An easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Metrics

  • v3.1, CRITICAL, Score: 9.8, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 87.37% Percentile: 99%

Techniques & Countermeasures

  • CWE-287: Improper Authentication

    When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

  • oracle corporation: oracle concurrent processing

    ≥ 12.2.3, ≤ 12.2.14

  • oracle: concurrent_processing

    ≥ 12.2.3, ≤ 12.2.14

References (4)