Zero Day Monitor (ZDM)
CVE-2025-61882 · CVSS 9.8 · KEV · EXPLOITED · PATCHED
oracle · concurrent_processing

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Vendor | Product | Versions
oracle | concurrent_processing | <= 12.2.14

References

  • https://www.oracle.com/security-alerts/alert-cve-2025-61882.html (Vendor Advisory)
  • https://blogs.oracle.com/security/post/apply-july-2025-cpu (Vendor Advisory)
  • https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882 (US Government Resource)
  • https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ (Press/Media Coverage)

Related News (1 article)

Tier C
Rapid7 Blog · 2h ago
Initial Access Brokers have Shifted to High-Value Targets and Premium Pricing
→ No new info (linked only)

CVSS 3.1: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV: ✅ Yes
Actively exploited: ✅ Yes
Patch available: 12.2.14
CWE: CWE-287
Published: Oct 5, 2025
Last enriched: 4d ago
Trending Score: 99
Source articles: 1
Independent: 1
Info Completeness: 10/14
Missing: epss, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2026-21962 · EXP · KEV
Vulnerability in the Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in product of Oracle Fusion Middleware (component: Weblogic Server Proxy Plug-in for Apache HTTP Server, Weblogic Server Prox
Trending: 96
HIGH · CVE-2026-21932
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: AWT, JavaFX). Supported versions that are affected are Oracle Java
Trending: 39
HIGH · CVE-2026-21945
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE
Trending: 39
MEDIUM · CVE-2026-21933
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java
Trending: 35
MEDIUM · CVE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: RMI). Supported versions that are affected are Oracle Java SE: 8u4
Trending: 35

Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Oct 5, 2025
Added to CISA KEV: Oct 5, 2025
Actively Exploited: Oct 27, 2025
Exploit Available: Oct 27, 2025
Patch Available: Oct 27, 2025
Discovered by ZDM: Mar 26, 2026