Critical unauthenticated remote code execution vulnerability in Oracle E-Business Suite Concurrent Processing component accessible via HTTP. Actively exploited by Cl0p ransomware group for data theft attacks with complete system takeover potential.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
π CVE Published: 2025-10-05
π Added to CISA KEV: 2025-10-06 1 DAY BETWEEN CVE AND KEV
What is CVE-2025-61882? CVE-2025-61882 (CVSS 9.8) is a Remote Code Execution (RCE) vulnerability in the BI Publisher Integration component of Oracleβs Concurrent Processing module β an integral service within Oracle E-Business Suite that handles automated and background processes. This flaw is remotely exploitable over HTTP without authentication, allowing an attacker to execute arbitrary ...
Ivanti's CVE-2025-0282 flaw, exploited by China-linked actors, enables remote code execution.In light of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-0282 to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by January 15, 2025. It's also urging organizations to scan their environments for signs of compromise, and report any incident or anomalous activity.
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing.Feedly estimated the CVSS as HIGH based on the CVE details, attack complexity, and exploit information. Learn more. Oct 5, 2025 at 4:13 AM.
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks.Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. Sergiu Gatlan. October 03, 2025.
The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network ...