[Vulnerability Alert] Oracle E-Business Suite Has a Major Security Vulnerability (CVE-2025-61882)

Date Posted: 2025/10/09

Subject: [Vulnerability Alert] Oracle E-Business Suite Has a Major Security Vulnerability (CVE-2025-61882)

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000002
- Oracle has released a major security vulnerability advisory (CVE-2025-61882, CVSS: 9.8). This vulnerability exists in Oracle Concurrent Processing of Oracle E-Business Suite, allowing an unauthenticated attacker to access it via an HTTP network, which may lead to remote code execution. Note: Attacks exploiting this vulnerability have been observed; it is recommended to take temporary mitigation measures as soon as possible to prevent potential attacks targeting this vulnerability.
Affected Platforms:
- Oracle E-Business Suite 12.2.3-12.2.14
Recommended Action:
- Apply the solution released on the official website for patching: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
References:
1. https://www.twcert.org.tw/tw/cp-169-10418-3bdee-1.html

Computer and Communications Center
Network Systems Group