Oracle E-Business Suite - RCE (CVE-2025-61882)

CVE-2025-61882 is a critical vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing within Oracle E-Business Suite versions 12.2.3 through 12.2.14. This flaw allows unauthenticated attackers with network access via HTTP to easily compromise the affected system, potentially resulting in a complete takeover. Exploitation could lead to severe impacts on confidentiality, integrity, and availability, making it a prime target for remote attacks.

CrowdSec has been tracking this vulnerability and its exploits since 9th of October 2025.

CrowdSec network data shows that most actors exploiting CVE-2025-61882 rely on broad, untargeted scans with minimal filtering. The activity is largely automated and opportunistic in nature. Additionally, according to week-over-week analysis by CrowdSec, exploitation of CVE-2025-61882 is surging. Attack volumes are spiking well above historical norms, indicating widespread and escalating interest from threat actors. CVE-2025-61882 is currently experiencing high visibility and active exploitation across the internet.

Attackers exploit Oracle E-Business Suite by sending crafted requests to endpoints such as /OA_HTML/help/../ieshostedsurvey.jsp and /OA_HTML/configurator/UiServlet, enabling unauthenticated remote code execution and potential system compromise.