Oracle E-Business Suite - RCE (CVE-2025-61882)

CVE-2025-61882 is a critical vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing within Oracle E-Business Suite versions 12.2.3 through 12.2.14. This flaw allows unauthenticated attackers with network access via HTTP to easily compromise the affected system, potentially resulting in a complete takeover. Exploitation could lead to severe impacts on confidentiality, integrity, and availability, making it a prime target for remote attacks.

CrowdSec has been tracking this vulnerability and its exploits since 9th of October 2025.

Insights from the CrowdSec network reveal that the attackers trying to exploit CVE-2025-61882 are composed of a fairly even mix of opportunistic and targeted actors. Some attackers employ preliminary reconnaissance, while others use indiscriminate scanning. Data from the CrowdSec community also indicates a gradual decrease in attacks targeting CVE-2025-61882. While still present in the wild, exploitation levels have dropped noticeably week-over-week. This may signal that the vulnerability is becoming less relevant or that defenses are improving fast enough for attackers to lose interest.

Attackers exploit Oracle E-Business Suite by sending crafted requests to endpoints such as /OA_HTML/help/../ieshostedsurvey.jsp and /OA_HTML/configurator/UiServlet, enabling unauthenticated remote code execution and potential system compromise.