COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-61882

CVE-2025-61882

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-10-06
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-61882
⚡ RCE ⌖ exploited in the wild shame 85/100 ransomwareexploited-in-wildunpatchedrce

An unauthenticated remote attacker can take over Oracle E-Business Suite's BI Publisher Integration component via HTTP, leading to full system compromise.

Oracle E-Business Suite's BI Publisher Integration component contains an unspecified vulnerability allowing unauthenticated attackers to compromise Oracle Concurrent Processing via HTTP. This failure enables remote takeover of the system, directly impacting DIB organizations relying on Oracle for ERP and financial operations. Organizations must patch immediately and monitor for exploitation, as this is actively exploited in the wild and linked to ransomware campaigns.

Shame score — An unauthenticated remote attacker can take over the system, and the vulnerability is actively exploited in the wild and linked to ransomware, indicating severe negligence and avoidable risk.

Players implicated

Oracle · vendorE-Business Suite · product

Description

Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.

Affected FedRAMP products 10 in the catalog

ProductProviderStatusMatch
Aconex for Defense Oracle Authorized vendor-exact · 0.90
Federal Managed Cloud Services Oracle Authorized vendor-exact · 0.90
Fusion Cloud Oracle Authorized vendor-exact · 0.90
Government Cloud - Common Controls Oracle Authorized vendor-exact · 0.90
Oracle Cloud Infrastructure-Government Cloud Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) Oracle Authorized vendor-exact · 0.90
Oracle Enterprise Performance Management (EPM) - Moderate Oracle In Process vendor-exact · 0.90
Oracle Service Cloud Oracle Authorized vendor-exact · 0.90
Oracle Service Cloud (DOD) Oracle Authorized vendor-exact · 0.90
Taleo Cloud - U.S. Government Cloud Oracle Authorized vendor-exact · 0.90