CVE-2025-61882CRITICAL 9.8CISA KEVEPSS p100.0%

CVE-2025-61882Oracle E-Business Suite Unspecified Vulnerability

Oracle / E-Business Suite

Description

Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS99.72% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z
Published2025-10-05
Last modified2025-10-27

CISA KEV entry

Added to KEV: 2025-10-06

Underlying weaknesses· 1

CWE-287

References

  1. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
  2. https://blogs.oracle.com/security/post/apply-july-2025-cpu
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882
  4. https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/

1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryOracle E-Business Suite Unspecified Vulnerabilitykev-cve-2025-618820%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
CVE
CVE-2025-50060
CVE
Oracle BI Publisher Unauthorized Access Vulnerability
CVE
CVE-2025-50105
CVE
CVE-2025-62481
CVE
CVE-2026-46819
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.