PT-2025-40791 · Oracle · BI Publisher +1

Inkmoro +3 · Published 2025-10-04 · Updated 2025-10-15 · CVE-2025-61882

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 12.2.3 through 12.2.14

Description

Oracle E-Business Suite contains a critical vulnerability (CVE-2025-61882) in the Concurrent Processing product, specifically within the BI Publisher Integration component. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system, potentially leading to remote code execution. The Clop ransomware group has been actively exploiting this vulnerability since August 2025, resulting in data theft and extortion. The vulnerability is a chained set of flaws, including Server-Side Request Forgery (SSRF), CRLF injection, authentication bypass, and unsafe XSLT processing. Public proof-of-concept exploit code is available. Numerous organizations have been impacted, with reports indicating hundreds of compromised instances. The exploitation has been linked to the FIN11 threat actor. The vulnerability has a CVSS score of 9.8 (Critical).

Recommendations

Apply the security updates provided by Oracle immediately. Monitor Oracle E-Business Suite endpoints and BI Publisher connections for suspicious activity. Restrict network access to Oracle E-Business Suite components, allowing traffic only from trusted networks and VPNs. Harden user access controls. Isolate instances if patching is not immediately possible and enhance monitoring. Review logs for indicators of compromise (IOCs).

Exploit · Fix · RCE · XXE · HTTP Request/Response Smuggling · SSRF · Improper Authentication · Improper Access Control · Path traversal

Related Identifiers

BDU:2025-12468
CVE-2025-61882

Affected Products

BI Publisher
Oracle E-Business Suite