Warning: Critical Vulnerability in Oracle E-Business Suite, Patch Immediately!

• Last update: 08/10/2025
• Affected software: Salesforce CLI releases prior to:
  → 12.2.3 – 12.2.14
• Type: Unspecified
• CVE/CVSS
  → CVE-2025-61882 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sources

Oracle - https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Risks

CVE-2025-61882 is a critical 0-day vulnerability in the Oracle E-Business Suite software, allowing for unauthenticated remote code execution. Exploiting this flaw could allow an attacker to remotely control and execute commands on the victim’s system. Therefore, this could lead to data theft, tampering, monitoring, and compromise within the connected network. This vulnerability affects the confidentiality, integrity and availability of the data on the vulnerable and possibly the connected network.

The vulnerability is actively exploited, and a PoC is available. Cl0p ransomware is actively exploiting CVE-2025-61882 in ransomware attacks.

Description

The vulnerability affects the Oracle Concurrent Processing BI Publisher Integration component and is exploited over HTTP. No specific weakness or details have been shared at this point. For more information read the Oracle security alert at: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD NIST - https://nvd.nist.gov/vuln/detail/CVE-2025-61882