—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code execution vulnerability in Oracle E-Business Suite 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Systems Affected

Oracle E-Business Suite versions 12.2.3-12.2.14

Overview

A remote code execution vulnerability has been reported in Oracle E-Business Suite which could be exploited by a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

Large enterprises, industry sectors and IT departments use Oracle E-Business Suite (EBS) to manage and streamline core business operations.

Risk Assessment:

High risk of data breach,  service disruption, system instability.

Impact Assessment:

Potential for remote code execution, data theft, or complete system compromise.

Description

Oracle E-Business Suite (EBS) is an integrated set of enterprise applications designed to help organizations automate and manage core business functions such as finance, human resources, supply chain, and more. It supports global operations and can be deployed on-premises or in the cloud.

This vulnerability exists in Oracle E-Business Suite due to improper validation of user supplied input, allowing unauthorized access to internal components. A remote attacker could exploit this vulnerability without authentication i.e., over a network without requiring a username and password.

Successful exploitation of this vulnerability could allow a remote attacker to compromise the affected system.

Note: This vulnerability (CVE-2025-61882) is being exploited in the wild. Users are advised to apply patches urgently.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

References

Oracle

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Hacker News

https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html

CVE Name

CVE-2025-61882

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjlFeYACgkQ3jCgcSdc

ys9qgg/+LWvj02qh4OsNMA8bt5miVsSBKCNrgPAmRHyjyjPVTJfG3SMOPrUe6BrB

Ot0t9G19EtDJ6oSta6ooQw8Zhpd7WCc2l2th0VNPdLKZgx/epxkAkFzNmHqJm5IV

0XeIKgnIp9q/7ZmLa0vTivixoZC+ERSiHuhpzlljR6h3uoJFPZazVMEGLU4sM5Fy

nYw5dN6w3i+OW5yjOvYST5cT7QdRulrkIdv4DnR5W+/8SZjxfY7Ty8TwCLQNr9sB

9HcBC4ioTrLsZuYkYOSCU4N0LX4vfnchSdAFBSREaBPxISrax90eQpmNkb/vmC/1

hvrWT+TGwkuKBFPSuWrlzfi565HIyqvjmagy2CTusu3pwoUiMWgsqW3B3C4VWwQJ

jnLW1/qx3IuV4JN/9kuPnshC8tdWpd+fKEOBgeTgjQ4fxkUIwkQg9I9mdtZx2ODx

4OfrsuDcOx2GVG15ntDAa9mCPbCx7SHumVuUCZ9MC58A+t7TWM/19QLoobId7jRx

3/7iuEagKFNF/Wmjpett4NFz5mS6Wx8UcrftXNZ25fn4ouGe2tXBw18lZO1PP1rd

jD7CS+SveUiSnXDIc0lse330zgr+5yygaLKm52kTmFcL9obLCbGfBcD3gnegDoTR

EGUvNXAB/lvO3RT5NZVT74MkptZJCr7aAzNHiqp4GxDWsA2LBC0=

=SCAh

—–END PGP SIGNATURE—–