Unrated severityCISA KEVNVD Advisory· Published Oct 5, 2025· Updated Feb 26, 2026
CVE-2025-61882
CVE-2025-61882
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected products
312.2.3-12.2.14+ 1 more
- (no CPE)range: 12.2.3-12.2.14
- (no CPE)range: 12.2.3
- Range: 12.2.3-12.2.14
Patches
Vulnerability mechanics
References
1- www.oracle.com/security-alerts/alert-cve-2025-61882.htmlmitrevendor-advisory
News mentions
6- Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the WildThe Hacker News · Jun 30, 2026
- Nissan Confirms Data Breach Following Oracle PeopleSoft 0-Day AttacksCyber Security News · Jun 30, 2026
- Hackers now exploit critical Oracle E-Business flaw in attacksBleepingComputer · Jun 29, 2026
- The State of Ransomware – Q1 2026Check Point Research · May 11, 2026
- Ransomware Tactics, Techniques, and Procedures in a Shifting Threat LandscapeMandiant Threat Intelligence · Mar 16, 2026
- Risky Business #810 -- Data extortion attacks have a silver liningRisky Business · Oct 15, 2025