Multiple Oracle E-Business Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-61884 CVSS:7.5

Oracle E-Business Suite could allow a remote attacker to obtain critical data information, caused by improper authorization validation. An attacker could exploit this vulnerability using HTTP to gain complete access to all Oracle Configurator accessible data.

CVE-2025-61882 CVSS:9.8

Oracle E-Business Suite could allow a remote attacker to execute arbitrary code on the system, caused by an error in the BI Publisher Integration component. An attacker could exploit this vulnerability using HTTP to compromise and take control of the Oracle Concurrent Processing component and execute arbitrray code on the system.

Impact

Code Execution
Information Disclosure

Indicators of Compromise

CVE

CVE-2025-61884
CVE-2025-61882

Affected Vendors

Oracle

Affected Products

Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.14

Remediation

Refer to Oracle Security Alert Advisory - for patch, upgrade, or suggested workaround information.

CVE-2025-61884

CVE-2025-61882

Ivanti Patches 13 Endpoint Manager RCE Flaws

Astaroth Banking Trojan Exploits GitHub to Stay Active After Takedowns – Active IOCs

Multiple Oracle E-Business Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan