CVE-2025-61882
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-05

Last updated on: 2025-10-27

Assigner: Oracle

Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-05
Last Modified
2025-10-27
Generated
2026-06-13
AI Q&A
2025-10-05
EPSS Evaluated
2026-06-12
NVD
CVE-2025-61882
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle concurrent_processing From 12.2.3 (inc) to 12.2.14 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-61882 is a critical security vulnerability in the Oracle Concurrent Processing component of Oracle E-Business Suite (versions 12.2.3 through 12.2.14). It allows an unauthenticated attacker to remotely exploit the system over a network via HTTP without needing any credentials or user interaction. Successful exploitation can lead to remote code execution, enabling the attacker to take over the Oracle Concurrent Processing service. [1]

Impact Analysis

This vulnerability can have severe impacts including full compromise of the Oracle Concurrent Processing system. An attacker can gain control remotely, leading to loss of confidentiality, integrity, and availability of the affected system. This means sensitive data could be exposed or altered, and system operations could be disrupted or taken offline. [1]

Detection Guidance

Detection can be performed by monitoring network traffic for HTTP GET and POST requests originating from or targeting suspicious IP addresses such as 200.107.207.26 and 185.181.60.11. Additionally, searching for command patterns like `sh -c /bin/bash -i >& /dev/tcp/ / 0>&1` in system logs or process activity can indicate exploitation attempts. Hashes of known exploit files (SHA-256) can be used to scan file systems for presence of malicious files. Example commands include using network monitoring tools (e.g., tcpdump, Wireshark) to filter HTTP traffic involving these IPs, and using grep or similar tools to search logs for the suspicious shell command pattern. [1]

Mitigation Strategies

Immediate mitigation steps include applying the patches provided in the Oracle Security Alert for CVE-2025-61882, which require the October 2023 Critical Patch Update as a prerequisite. If running unsupported versions, upgrade to supported versions under Premier or Extended Support to receive patches. Additionally, restrict network access to the Oracle Concurrent Processing component, monitor for indicators of compromise, and implement network-level controls to block suspicious IP addresses and traffic patterns. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61882. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart