November 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Ivanti Patches 13 Endpoint Manager RCE Flaws
October 14, 2025Astaroth Banking Trojan Exploits GitHub to Stay Active After Takedowns – Active IOCs
October 14, 2025Ivanti Patches 13 Endpoint Manager RCE Flaws
October 14, 2025Astaroth Banking Trojan Exploits GitHub to Stay Active After Takedowns – Active IOCs
October 14, 2025
Severity
High
Analysis Summary
CVE-2025-61884 CVSS:7.5
Oracle E-Business Suite could allow a remote attacker to obtain critical data information, caused by improper authorization validation. An attacker could exploit this vulnerability using HTTP to gain complete access to all Oracle Configurator accessible data.
CVE-2025-61882 CVSS:9.8
Oracle E-Business Suite could allow a remote attacker to execute arbitrary code on the system, caused by an error in the BI Publisher Integration component. An attacker could exploit this vulnerability using HTTP to compromise and take control of the Oracle Concurrent Processing component and execute arbitrray code on the system.
Impact
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-61884
CVE-2025-61882
Affected Vendors
Oracle
Affected Products
- Oracle E-Business Suite 12.2.3
- Oracle E-Business Suite 12.2.14
Remediation
Refer to Oracle Security Alert Advisory - for patch, upgrade, or suggested workaround information.