CVE-2025-61882

ENISA EUVD: EUVD-2025-32142 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 12 articles Published: 2025-10-05

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

88.25%

probability

This CVE has a 88.25% probability of being exploited in the next 30 days.

0% Top 99.5th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

NVD

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Oracle Corporation

Oracle Concurrent Processing

12.2.3

oracle

concurrent processing

Oracle Corporation

Oracle Concurrent Processing

12.2.3 ≤12.2.14

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication

Exploits & PoC

George0Papasotiriou/CVE-2025-61882-Oracle-BI-Publisher-RCE

1 2026-02-10

siddu7575/CVE-2025-61882-CVE-2025-61884

🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution

0 2026-05-23

Zhert-lab/CVE-2025-61882-CVE-2025-61884

Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyet

0 2025-11-21

sid-203/Enterprise-Information-Security-Risk-Assessment-Oracle-E-Business-Suite-Case-Study

Real-world information security risk assessment based on the Oracle E-Business Suite zero-day (CVE-2025-61882). Analyses attacker methods, enterprise

0 2026-02-13

NetVanguard-cmd/CVE-2025-61882

0 2026-04-19

5 repos — triés par ⭐ Rechercher sur GitHub ↗

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

vendor-advisory

Signal Intelligence

Confidenceⓘ

92%

EPSS 88.25%

CVSS v3.1 9.8

Mentions 12

Last Seen Nov 26, 2025

CNA Information

CNA Assigner

oracle

Analyst Note

Multiple authoritative sources explicitly confirm exploitation of this Oracle EBS vulnerability in the wild by Clop threat actors since early August 2025, preceding the October 5, 2025 CVE publication. Article titles directly reference 'zero-day' and 'exploited' status, with CISA confirmation of active attacks.