TROYANOSYVIRUS
Volver a CVEs

CVE-2025-61882

CRITICALCISA KEV
9.8

Descripcion

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Detalles CVE

Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/5/2025
Ultima modificacion10/27/2025
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorOracle
ProductoE-Business Suite
Nombre vulnerabilidadOracle E-Business Suite Unspecified Vulnerability
Fecha inclusion KEV2025-10-06
Fecha limite remediacion2025-10-27
Uso en ransomwareKnown

Productos afectados

oracle:concurrent_processing

Debilidades (CWE)

CWE-287

Referencias

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html(secalert_us@oracle.com)
https://blogs.oracle.com/security/post/apply-july-2025-cpu(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.