CVE-2025-61882

Published Oct 5, 2025

Last updated 5 months ago

Exploit knownCVSS critical 9.8
Oracle Concurrent Processing
Supply chain

Overview

Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Source
secalert_us@oracle.com
NVD status
Analyzed
Products
concurrent_processing

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Oracle E-Business Suite Unspecified Vulnerability
Exploit added on
Oct 6, 2025
Exploit action due
Oct 27, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-287

Social media

Hype score
Not currently trending

  1. The following weaponized vulnerabilities have been added to our n-day feed: - CVE-2025-61882: Oracle EBS - RCE - CVE-2026-24423: SmarterMail - RCE - CVE-2026-20941: Host Process - LPE - 0DAY-2026-0001: Visual Studio - Info Disclosure https://t.co/Nw6eZdtCs8

    @crowdfense

    26 Feb 2026

    1625 Impressions

    6 Retweets

    25 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  2. Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it trac... https://t.co/eRjR1hPeDr

    @SecurityAid

    14 Feb 2026

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #CVE 🚨 Oracle Security Alert: CVE-2025-61882 Oracle confirms a critical unauthenticated RCE in EBS, actively exploited in the wild. CVSS 9.8 Critical Unauthenticated remote exploitation EBS 12.2.3–12.2.14 Full RCE Active exploitation observed Source: https://t.co/BRUfwL

    @Cybermap_Group

    27 Jan 2026

    8 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔥 𝐏𝐨𝐂 𝐑𝐞𝐥𝐞𝐚𝐬𝐞𝐝 𝐟𝐨𝐫 𝐂𝐫𝐢𝐭𝐢𝐜𝐚𝐥 𝐎𝐫𝐚𝐜𝐥𝐞 𝐄-𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬 𝐒𝐮𝐢𝐭𝐞 𝐅𝐥𝐚𝐰 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐞𝐝 𝐛𝐲 𝐑𝐚𝐧𝐬𝐨𝐦𝐰𝐚𝐫

    @PurpleOps_io

    26 Jan 2026

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Public PoC released for critical Oracle E-Business Suite RCE (CVE-2025-61882). Ransomware gangs are actively exploiting this CVSS 9.8 flaw. Patch now. #Oracle #CVE202561882 #PublicPoC #CyberSecurity #RCE #Ransomware #InfoSec #ExploitAlert https://t.co/20D2oA5yDA

    @the_yellow_fall

    26 Jan 2026

    2364 Impressions

    18 Retweets

    36 Likes

    22 Bookmarks

    0 Replies

    0 Quotes

  6. 昨年7月、Oracle E-Business Suiteを狙った深刻な0day攻撃が世界中で発生し、厳重な内部システムであるはずのEBSサーバがランサムウェア被害を受けた。その後、この欠陥はCVE-2025-61882として整理され、攻撃実態の一

    @yousukezan

    20 Jan 2026

    1276 Impressions

    2 Retweets

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  7. Oracle E-Business Suite Authentication Bypass & RCE (CVE-2025-61882) https://t.co/1sf9H4Rnly

    @testanull

    20 Jan 2026

    9633 Impressions

    49 Retweets

    167 Likes

    71 Bookmarks

    0 Replies

    1 Quote

  8. In 2025 researchers and Oracle disclosed CVE-2025-61882, a critical unauthenticated RCE in Oracle E-Business Suite that was observed exploited in the wild and tied by multiple vendors to a large extortion campaign. Attackers used the flaw to exfiltrate business data and sent http

    @ExploitforgeLTD

    14 Jan 2026

    192 Impressions

    1 Retweet

    10 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  9. 🚨 Breaking: Logitech Hit by Massive Data Breach in Nov 2025! 🚨 Cl0p ransomware gang exploited a zero-day in Oracle E-Business Suite (CVE-2025-61882) to exfiltrate ~1.8 TB of data from Logitech's internal systems. Not a full hack, but third-party vuln exposed ops data. Logi

    @justabreach

    7 Jan 2026

    153 Impressions

    2 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. 大韓航空の職員3万名の個人データが漏洩。Cl0p集団から犯行声明。2020年に分社化された機内食・機内販売を扱うKC&D Service (Korean Air Catering & Duty-Free)社のERPサーバが被害に。Oracle E-Business Suite (EBS)のCVE-2025-61

    @__kokumoto

    31 Dec 2025

    1031 Impressions

    3 Retweets

    6 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  11. (CVE-2025-61882): A CVSS 9.8 critical flaw in the BI Publisher Integration component of Oracle Concurrent Processing. Read the full report on - https://t.co/5lCR7Gp9W2 https://t.co/CWQxubK4dg

    @cyberbivash

    31 Dec 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Cl0p Leaks 30,000 Korean Air Employee Records After Third-Party ERP Breach Cl0p claims it compromised Korean Air’s catering partner KC&D Service by exploiting an Oracle E-Business Suite zero-day (CVE-2025-61882), then leaked employee names and bank account numbers from

    @ThreatSynop

    31 Dec 2025

    350 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CL0P went fileless on Oracle EBS, then bills you later. 🧠🧾 In-memory loaders via TemplatePreviewPG; extortion lands weeks after. Patch CVE-2025-61882 and choke egress. Skim the playbook—then subscribe for the next hit. -> https://t.co/ZQqe6QeWB4 #AlphaHunt #CyberSecu

    @alphahunt_io

    19 Dec 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-61882 - Oracle E-Business Suite 0-Day vulnerability https://t.co/WKQRv7cmk0 https://t.co/ee6ENIyQSD

    @ErcanSah1n

    16 Dec 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CL0P/FIN11 turned Oracle EBS into an Airbnb—no files, just memory. “TLSv3.1” beacons now, extortion emails later. Patch CVE-2025-61882 and choke egress before finance chokes you. 🔒🕵️ Read the breakdown—then subscribe: https://t.co/ZQqe6QeWB4 #AlphaHunt #CyberSe

    @alphahunt_io

    13 Dec 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. دانشگاه فینیکس (University of Phoenix) قربانی حمله سایبری گروه باج‌افزار کلاپ (Clop) شد که با سوءاستفاده از آسیب‌پذیری روز صفر (CVE-2025-61882) در نرم‌افزار اوراکل ای‌بیزی

    @Teeegra

    3 Dec 2025

    376 Impressions

    0 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Cl0p’s latest target: Oracle EBS. The Howler Cell team unpacks the newly disclosed CVE-2025-61882 — a zero-day enabling unauthenticated remote code execution and mass ransomware attacks. This one’s a must-read for anyone managing enterprise applications. https://t.co/PyJuq8

    @iamsinghaniket

    28 Nov 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Actively exploited CVE : CVE-2025-61882

    @transilienceai

    26 Nov 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Canon Hit by Ransomware: A Canon subsidiary was compromised in a Cl0p ransomware attack exploiting an Oracle zero-day flaw (CVE-2025-61882), affecting over 100 organizations. Data theft details are under investigation.

    @Dr_venomking

    25 Nov 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 💠 𝐄𝐧𝐯𝐨𝐲 𝐀𝐢𝐫 𝐇𝐢𝐭 𝐓𝐡𝐫𝐨𝐮𝐠𝐡 𝐎𝐫𝐚𝐜𝐥𝐞 𝐕𝐮𝐥𝐧𝐞𝐫𝐚𝐛𝐢𝐥𝐢𝐭𝐲 🔹 Attack entered via Oracle E-Business Suite 🔹 CVE-2025-61882 exploited remotely 🔹 Operational systems at risk

    @Net_forte

    24 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Logitech 遭 Cl0p 勒索組織攻擊 利用 Oracle E-Business Suite 零時差漏洞(CVE-2025-61882) 從 8 月開始,持續數月 ,Cl0p 進行了大規模的資料洩露,隨後展開基於電子郵件的勒索活動 受害者包括華盛頓郵報、NHS,12+ 組織 ref:

    @lfcba8178

    24 Nov 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Oracle E-Business Suite versions 12.2.3 to 12.2.14 are vulnerable to a pre-auth RCE via a complex exploit chain (CVE-2025-61882) using SSRF, CRLF injection, path traversal, and XSLT remote execution. #OracleEBS #RCE #USA https://t.co/CXVbygNux7

    @TweetThreatNews

    24 Nov 2025

    185 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Oracle Security Alert addresses vulnerability CVE-2025-61882 and CVE-202... https://t.co/ngABSgbgZ5 via @YouTube

    @racsinfotech

    23 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Cl0p ransomware exploited a zero-day in Oracle E-Business Suite, exposing Cox Enterprises' network and sensitive data, putting 9,479 individuals at risk of identity theft and financial loss. Organizations must immediately patch vulnerability (CVE-2025-61882) and review their

    @cybernewslive

    22 Nov 2025

    144 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Cox Enterprises suffered a data breach via a zero-day exploit in Oracle E-Business Suite (CVE-2025-61882) from Aug 9-14, linked to Cl0p ransomware. Detection occurred in late Sept. Multiple firms impacted. #OracleBreach #RansomwareAttack #USA https://t.co/Sqf9ftPiOD

    @TweetThreatNews

    22 Nov 2025

    217 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Oracle has been breached by Clop Ransomware via Oracle E-Business Suite zero-day CVE-2025-61882.🤔 https://t.co/NhNRLKqywx https://t.co/tKaq9a8LAm

    @HackingTeam777

    22 Nov 2025

    564 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2025-61882

    @transilienceai

    22 Nov 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  28. 🚨 CL0P ransomware continues expanding its victim list - all linked to Oracle EBS exploitation (CVE-2025-61882) Anywhere Real Estate Inc. 🇺🇸 Madison Square Garden Entertainment Corp. (MSG Entertainment) 🇺🇸 Zain Group 🇰🇼 Nama Group 🇴🇲 Hypertherm Associat

    @Ransom_DB

    21 Nov 2025

    527 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. これの続きですね、ランサムウェアCL0P 「Oracle EBSのサイバー攻撃 キャンペーン、Cl0p(Clop)が30社をリークサイトに掲載(CVE-2025-61882,CVE-2025-61884)」 https://t.co/yyE6CEzFJe

    @NobMiwa

    21 Nov 2025

    1652 Impressions

    2 Retweets

    7 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  30. 🚨 Ransomware group "CL0P" continues listing high-profile victims exploited via Oracle EBS (CVE-2025-61882) Oracle Corporation 🇺🇸 Broadcom Inc. 🇺🇸 Canon Inc. 🇯🇵 Michelin 🇫🇷 Sumitomo Chemical 🇯🇵 Mazda Motor 🇯🇵 Abbott Laboratories 🇺🇸 Est

    @Ransom_DB

    20 Nov 2025

    2061 Impressions

    3 Retweets

    10 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  31. BREAKING Oracle has been breached by Clop Ransomware via Oracle E-Business Suite zero-day CVE-2025-61882. @Oracle https://t.co/alyZ6etD4v

    @AlvieriD

    20 Nov 2025

    33533 Impressions

    55 Retweets

    308 Likes

    106 Bookmarks

    7 Replies

    1 Quote

  32. 🚨 Ransomware group "CL0P" continues listing high-profile victims exploited via Oracle EBS (CVE-2025-61882) Cytiva (formerly GE Healthcare Life Sciences) 🇺🇸 Tulane University 🇺🇸 The Research Foundation for SUNY (State University of New York) 🇺🇸 Life Fitness

    @Ransom_DB

    19 Nov 2025

    368 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  33. Logitech hit by Cl0p’s Oracle EBS zero-day (CVE-2025-61882). https://t.co/rlr0qvdyxP Adrian Culley: #Cl0p is now doing its own research and weaponizing flaws before defenders spot them.➡️ Don’t wait to end up on a leak site—simulate these attack paths and close the gap

    @safebreach

    18 Nov 2025

    35 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. ALERT: 🔥 NEW ZERO-DAY TARGETS & ZERO-DAY BREACHES! Cl0p's stealthy Oracle E-Business Suite exploit CVE-2025-61882 campaign is escalating, & we're tracking confirmed breaches at major names including The Washington Post & Allianz UK. What's the RISK for YOUR systems

    @ghostednews

    18 Nov 2025

    114 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. Logitech’s ยืนยันแล้วว่าข้อมูลหลุดจริง Hacker ใช้ Zero-Day (CVE-2025-61882) Hacker แฮคผ่าน Oracle E-Business ระบบการเงิน/ธุรกิจ ช่วงหลังๆ Hacker น

    @Sarnaxt

    17 Nov 2025

    344 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  36. Logitech confirma una filtración de datos tras un ataque de extorsión por parte del ransomware Clop Mediante vulnerabilidad Oracle E-Business Suite zero-day, CVE-2025-61882 https://t.co/4W3QDo2cQV… https://t.co/bVjdj4zEZQ

    @teamsixinvestig

    16 Nov 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. Actively exploited CVE : CVE-2025-61882

    @transilienceai

    16 Nov 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. #Cybercriminals #VulnerabilityReport CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882) https://t.co/pJc0dqNqaY

    @Komodosec

    16 Nov 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  39. 🚨 Clop Hits Logitech With 1.8 TB Data Theft via Oracle Zero-Day Logitech confirmed a breach where Clop extortion gang exfiltrated 1.8 TB of data exploiting Oracle E-Business Suite CVE-2025-61882. What's notable: Clop has a long history weaponizing zero-days for mass data

    @the_c_protocol

    15 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Logitech confirma una filtración de datos tras un ataque de extorsión por parte del ransomware Clop Mediante vulnerabilidad Oracle E-Business Suite zero-day, CVE-2025-61882 https://t.co/LbuCip9NAb https://t.co/4Yr6XbeFmw

    @elhackernet

    15 Nov 2025

    3661 Impressions

    6 Retweets

    25 Likes

    3 Bookmarks

    2 Replies

    0 Quotes

  41. Cl0P ransomware exploits Oracle EBS zero-day (CVE-2025-61882) to breach Entrust. Organizations must patch systems and enhance security measures. Link: https://t.co/Xw5ESGbUlu #Cybersecurity #Ransomware #Oracle #Cl0P #ZeroDay #Breaches #Security #Patch #Systems #Entrust #Exploit h

    @dailytechonx

    15 Nov 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ⚠️ Logitech confirms breach after CL0P extortion #Logitech filed an 8-K confirming data exfiltration with no product/operations impact. Breach via third-party 0day, likely Oracle E-Business Suite (CVE-2025-61882). CL0P claims 1.8TB; firm says no ID or card data accessed. ht

    @ransomnews

    15 Nov 2025

    145 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Cl0p攻撃組織がOracle EBS狙い撃ち!30社被害で脆弱性CVE-2025-61882/61884悪用か https://t.co/ZUctvzqspk

    @torinome_navi

    15 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Cl0p’s latest target: Oracle EBS. The Howler Cell team unpacks the newly disclosed CVE-2025-61882 a zero-day enabling unauthenticated remote code execution and mass ransomware attacks. This one’s a must-read for anyone managing enterprise applications. https://t.co/LvNTsRkYuO

    @mrbr0wnf0x

    15 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. Cl0Pの静かな攻撃【ワシントンポストも被害!】無認証でOracle EBS侵害 ゼロデイ脆弱性「CVE-2025-61882」RCEの悪用の仕... https://t.co/jzmNVdUgzk via @YouTube

    @CyberTaro318

    15 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. October 2025 ransomware attacks hit 623 incidents, up 30% month-over-month. Qilin led with 210 victims, exploiting vulnerabilities like CVE-2025-61882 and supply-chain tactics. #RansomwareTrends #OracleBreach #Qilin https://t.co/cGqSNfo6OR

    @TweetThreatNews

    14 Nov 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Entrust has been breached by Clop Ransomware via CVE-2025-61882. @Entrust_Corp https://t.co/aAuOCKW9Uf

    @AlvieriD

    14 Nov 2025

    2152 Impressions

    10 Retweets

    20 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  48. 🚨Cyberattack Alert ‼️ 🇯🇵Japan - SATO Cl0p hacking group claims to have breached SATO. N.B: A zero-day vulnerability in Oracle E-Business Suite is under active exploitation by the Cl0p ransomware group. The vulnerability is tracked as CVE-2025-61882 and has a CVSS

    @H4ckmanac

    14 Nov 2025

    11485 Impressions

    39 Retweets

    54 Likes

    20 Bookmarks

    3 Replies

    7 Quotes

  49. 🚨 Ransomware group "Cl0P" continues listing victims exploited via Oracle EBS (CVE-2025-61882) Entrust Corporation - 🇺🇸 GlobalLogic - 🇺🇸 AFL Global - 🇺🇸 Integra LifeSciences - 🇺🇸 Maritz Inc - 🇺🇸 Helix Energy Solutions Group Inc - 🇺🇸 TPI Comp

    @Ransom_DB

    13 Nov 2025

    751 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  50. Oracle EBSのゼロデイを悪用したサイバー攻撃(CVE-2025-61882) - 合同会社ロケットボーイズ https://t.co/yGmdNrub1C #izumino_trend

    @sec_trend

    12 Nov 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.CVE-2025-40551
  2. SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that if exploited, would allow a malicious actor to execute actions and methods that should be protected by authentication.CVE-2025-40552
  3. SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk.CVE-2025-40554
  4. SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication.CVE-2025-40553
  5. SolarWinds Web Help Desk Security Control Bypass VulnerabilityCVE-2025-40536

References

Sources include official advisories and independent security research.