[CIVN-2025-0243] Remote Code execution vulnerability in Oracle E-Business Suite

By Published On: October 7, 2025

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Remote Code execution vulnerability in Oracle E-Business Suite 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Systems Affected
Oracle E-Business Suite versions 12.2.3-12.2.14
Overview
A remote code execution vulnerability has been reported in Oracle E-Business Suite which could be exploited by a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
Large enterprises, industry sectors and IT departments use Oracle E-Business Suite (EBS) to manage and streamline core business operations.
Risk Assessment:
High risk of data breach,  service disruption, system instability.
Impact Assessment:
Potential for remote code execution, data theft, or complete system compromise.
Description
Oracle E-Business Suite (EBS) is an integrated set of enterprise applications designed to help organizations automate and manage core business functions such as finance, human resources, supply chain, and more. It supports global operations and can be deployed on-premises or in the cloud.
This vulnerability exists in Oracle E-Business Suite due to improper validation of user supplied input, allowing unauthorized access to internal components. A remote attacker could exploit this vulnerability without authentication i.e., over a network without requiring a username and password.
Successful exploitation of this vulnerability could allow a remote attacker to compromise the affected system.
Note: This vulnerability (CVE-2025-61882) is being exploited in the wild. Users are advised to apply patches urgently.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
References
Oracle
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
Hacker News
https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html
CVE Name
CVE-2025-61882
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjlFeYACgkQ3jCgcSdc
ys9qgg/+LWvj02qh4OsNMA8bt5miVsSBKCNrgPAmRHyjyjPVTJfG3SMOPrUe6BrB
Ot0t9G19EtDJ6oSta6ooQw8Zhpd7WCc2l2th0VNPdLKZgx/epxkAkFzNmHqJm5IV
0XeIKgnIp9q/7ZmLa0vTivixoZC+ERSiHuhpzlljR6h3uoJFPZazVMEGLU4sM5Fy
nYw5dN6w3i+OW5yjOvYST5cT7QdRulrkIdv4DnR5W+/8SZjxfY7Ty8TwCLQNr9sB
9HcBC4ioTrLsZuYkYOSCU4N0LX4vfnchSdAFBSREaBPxISrax90eQpmNkb/vmC/1
hvrWT+TGwkuKBFPSuWrlzfi565HIyqvjmagy2CTusu3pwoUiMWgsqW3B3C4VWwQJ
jnLW1/qx3IuV4JN/9kuPnshC8tdWpd+fKEOBgeTgjQ4fxkUIwkQg9I9mdtZx2ODx
4OfrsuDcOx2GVG15ntDAa9mCPbCx7SHumVuUCZ9MC58A+t7TWM/19QLoobId7jRx
3/7iuEagKFNF/Wmjpett4NFz5mS6Wx8UcrftXNZ25fn4ouGe2tXBw18lZO1PP1rd
jD7CS+SveUiSnXDIc0lse330zgr+5yygaLKm52kTmFcL9obLCbGfBcD3gnegDoTR
EGUvNXAB/lvO3RT5NZVT74MkptZJCr7aAzNHiqp4GxDWsA2LBC0=
=SCAh
—–END PGP SIGNATURE—–

Share this article