CVE-2025-61882
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business
Description
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| oracle | e-business_suite | * |
| oracle | e-business_suite | * |
| oracle | concurrent_processing | From 12.2.3 (inc) to 12.2.14 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-918 | Server-Side Request Forgery (SSRF) |
| CWE-91 | XML Injection (aka Blind XPath Injection) |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-284 | Improper Access Control |
| CWE-611 | Improper Restriction of XML External Entity Reference |
| CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
How can this vulnerability be detected on my network or system? Can you suggest some commands?
What immediate steps should I take to mitigate this vulnerability?
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
Meta Information
CVE Publication Date:
2025-10-05
CVE Last Modified Date:
2025-10-07
Report Generation Date:
2025-10-08
AI Powered Q&A Generation:
2025-10-05
EPSS Last Evaluated Date:
2025-10-06
NVD Report Link: