A critical security vulnerability (CVE-2025-61882) has been identified in Oracle E-Business Suite versions 12.2.3-12.2.14. This flaw is remotely exploitable without authentication, potentially leading to remote code execution. The vulnerability affects the BI Publisher Integration component of Oracle Concurrent Processing and has a CVSS v3.1 base score of 9.8. Oracle strongly advises customers to apply the provided security updates promptly. Indicators of compromise include suspicious IP addresses, specific command patterns, and file hashes. The alert also emphasizes the importance of staying on actively-supported versions and applying all security patches without delay. Author: AlienVault
Related Tags:
oracle e-business suite
security alert
remote code execution
T1133
T1505.003
T1078
T1210
T1190
T1021
Associated Indicators:
AA0D3859D6633B62BCCFB69017D33A8979A3BE1F3F0A5A4BF6960D6C73D41121
6FD538E4A8E3493DDA6F9FCDC96E814BDD14F3E2EF8AA46F0143BFF34B882C1B
200.107.207.26
185.181.60.11