METASPLOIT-modules/exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.rb

METASPLOIT ruby WORKING POC
Exploit for CVE-2025-61882 - Oracle E-Business Suite CVE-2025-61882 RCE
AI Analysis

This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by chaining SSRF, Path Traversal, HTTP request smuggling, and XSLT injection to achieve remote code execution. It hosts a malicious XSL file that the target fetches and processes, leading to an interactive shell session.

Attack Type
RCE
Complexity
complex
Reliability
reliable
MITRE ATT&CK
T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter
Loading exploit code...
Download ZIP Password: eip
Source
Platform Metasploit
Type poc
Platform win
Language ruby
Rank excellent
Files 1
Authors
Sina Kheirkhah watchTowr (Sonny Jake Knott) Mathieu Dupas watchTowr (Sonny, Sina Kheirkhah, Jake Knott)
Vulnerability
CVE-2025-61882
Oracle E-Business Suite CVE-2025-61882 RCE
CRITICAL KEV
CVSS 9.8