Oracle E-Business Suite Remote Code Execution Vulnerability

Release Date: 6 Oct 2025

RISK: Extremely High Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in Oracle E-Business Suite. A remote attacker could exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2025-61882 is being exploited in the wild. This vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. Hence, the risk level is rated as Extremely High Risk.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• Oracle E-Business Suite versions 12.2.3-12.2.14

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

---

Vulnerability Identifier

• CVE-2025-61882

---

Source

• Oracle

---

Related Link

• https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
• https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html
• https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/