DIVD-2025-00040 - Oracle E-Business Suite Vulnerabilities
Our reference | DIVD-2025-00040 |
Case lead | Hans Meuris |
Researcher(s) | |
CVE(s) | |
Products | |
Versions | 12.2.3 - 12.2.14 |
Recommendation | Apply the patches released by Oracle as described in the official advisory. If patching is not possible immediately, restrict access. |
Patch status | Available |
Workaround | If patching is not immediately possible, consider limiting access to trusted networks only. |
Status | Open |
Last modified | 10 Oct 2025 17:36 CEST |
Summary
Oracle has released an advisory addressing a vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). If exploited, this vulnerability could allow attackers to bypass authentication mechanisms or execute arbitrary actions, potentially leading to unauthorized access to internal resources.
The vulnerabilities are identified as:
- CVE-2025-61882 – Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher)
What you can do
- Update immediately: Follow Oracle’s instructions.
- Mitigate risk: If patching cannot be done right away, restrict access to affected instances to trusted networks only.
- Monitor your systems: Watch for unusual login attempts, session hijacking indicators, or performance degradation that may point to exploitation.
- Review logs: Inspect logs for signs of abuse or suspicious activity.
What we are doing
We are scanning for Oracle E-Business Suite instances exposed to the internet that may be vulnerable to these flaws. We will notify affected parties so they can take appropriate action.
Timeline
Date | Description |
---|---|
06 Oct 2025 | Case started by DIVD researchers. |
06 Oct 2025 | Oracle published security advisory. |
07 Oct 2025 | Find vulnerable instances. |
08 Oct 2025 | Start notifying vulnerable instances. |