Exposures › CVE-2025-61882
An unauthenticated remote attacker can take over Oracle E-Business Suite's BI Publisher Integration component via HTTP, leading to full system compromise.
Oracle E-Business Suite's BI Publisher Integration component contains an unspecified vulnerability allowing unauthenticated attackers to compromise Oracle Concurrent Processing via HTTP. This failure enables remote takeover of the system, directly impacting DIB organizations relying on Oracle for ERP and financial operations. Organizations must patch immediately and monitor for exploitation, as this is actively exploited in the wild and linked to ransomware campaigns.
Shame score — An unauthenticated remote attacker can take over the system, and the vulnerability is actively exploited in the wild and linked to ransomware, indicating severe negligence and avoidable risk.
Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
| Product | Provider | Status | Match |
|---|---|---|---|
| Aconex for Defense | Oracle | Authorized | vendor-exact · 0.90 |
| Federal Managed Cloud Services | Oracle | Authorized | vendor-exact · 0.90 |
| Fusion Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Government Cloud - Common Controls | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Cloud Infrastructure-Government Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Enterprise Performance Management (EPM) | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Enterprise Performance Management (EPM) - Moderate | Oracle | In Process | vendor-exact · 0.90 |
| Oracle Service Cloud | Oracle | Authorized | vendor-exact · 0.90 |
| Oracle Service Cloud (DOD) | Oracle | Authorized | vendor-exact · 0.90 |
| Taleo Cloud - U.S. Government Cloud | Oracle | Authorized | vendor-exact · 0.90 |