Oracle E-Business Suite - RCE (CVE-2025-61882)

CVE-2025-61882 is a critical vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing within Oracle E-Business Suite versions 12.2.3 through 12.2.14. This flaw allows unauthenticated attackers with network access via HTTP to easily compromise the affected system, potentially resulting in a complete takeover. Exploitation could lead to severe impacts on confidentiality, integrity, and availability, making it a prime target for remote attacks.

CrowdSec has been tracking this vulnerability and its exploits since 9th of October 2025.

According to CrowdSec data, while opportunistic exploitation dominates, a portion of threat actors trying to exploit CVE-2025-61882 apply basic targeting methods such as port or service detection. This indicates emerging patterns of selective targeting. Telemetry from the CrowdSec network also shows that exploitation activity for CVE-2025-61882 remains steady week-over-week. Attack volumes are consistent with long-term trends, indicating sustained interest from threat actors. CVE-2025-61882 continues to be an active part of the threat landscape and will likely remain this way for the forseeable future.

Attackers exploit Oracle E-Business Suite by sending crafted requests to endpoints such as /OA_HTML/help/../ieshostedsurvey.jsp and /OA_HTML/configurator/UiServlet, enabling unauthenticated remote code execution and potential system compromise.