CVE-2025-61882
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
In plain language
CVE-2025-61882 is a serious, internet-reachable flaw in Oracle E-Business Suite’s Concurrent Processing (BI Publisher Integration) that lets an attacker take over the service over HTTP without logging in, so most affected small businesses should act urgently.
CVE-2025-61882 is an unauthenticated remote takeover vulnerability in Oracle E-Business Suite Concurrent Processing via the BI Publisher Integration component, triggered through network access over HTTP in supported releases 12.2.3–12.2.14.
What to do now
- Check whether you run Oracle E-Business Suite Concurrent Processing on versions 12.2.3 through 12.2.14 (and whether BI Publisher Integration is in use) and confirm the instance is reachable over HTTP from untrusted networks.
- If you are affected, immediately apply Oracle’s remediation from the advisory for CVE-2025-61882 (Oracle Security Alert) and roll the instance forward to the patched level described by Oracle (July 2025 CPU guidance).
- If you cannot patch right away, restrict network access so the vulnerable HTTP endpoint is not reachable from the internet or any untrusted network, following Oracle’s mitigation instructions.
- Verify from an external test host that the vulnerable HTTP endpoint is no longer reachable, and review logs for any related exploit attempts since exposure.
- Set a plan to complete the full patch/upgrade rollout and ensure BI Publisher Integration and Concurrent Processing remain covered for future security updates.
CVSS Vector Breakdown
- AV:N (Attack Vector)
- AC:L (Attack Complexity)
- PR:N (Privileges Required)
- UI:N (User Interaction)
- S:U (Scope)
- C:H (Confidentiality)
- I:H (Integrity)
- A:H (Availability)
Weaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
MITRE ATT&CK
2 techniques
References