Oracle Security Alert Advisory - CVE-2025-61882
Essential information
- Published
- 06/10/2025 07:59
- Modified
- 06/10/2025 09:03
- Tags
- 2025-10-06 CVE-2025-61882 oracle e-business suite remote code execution security alert
- Related entities
- 1 vulnerabilities (cve), 5 observables, 6 techniques (mitre)
Description
A critical security vulnerability (CVE-2025-61882) has been identified in Oracle E-Business Suite versions 12.2.3-12.2.14. This flaw is remotely exploitable without authentication, potentially leading to remote code execution. The vulnerability affects the BI Publisher Integration component of Oracle Concurrent Processing and has a CVSS v3.1 base score of 9.8. Oracle strongly advises customers to apply the provided security updates promptly. Indicators of compromise include suspicious IP addresses, specific command patterns, and file hashes. The alert also emphasizes the importance of staying on actively-supported versions and applying all security patches without delay.