PT-2025-40791 · Oracle · Oracle E-Business Suite +1

Published: 2025-10-05 · Updated: 2025-10-06

CVE-2025-61882

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 12.2.3 through 12.2.14

Description

A critical issue exists in the Oracle Concurrent Processing product, specifically within the BI Publisher Integration component of Oracle E-Business Suite. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing, potentially leading to a full system takeover. The issue is remotely exploitable without authentication. The Cl0p ransomware group has reportedly exploited this flaw in recent extortion campaigns, demanding up to $50 million. Core enterprise functions such as finance, human resources, supply chain management, and CRM are potentially impacted.

Recommendations

Apply patches as per Oracle’s Security Advisory for versions 12.2.3 through 12.2.14.

Fix

Related Identifiers

CVE-2025-61882

Affected Products

BI Publisher
Oracle E-Business Suite