CVE-2025-61882
CRITICAL KEV RANSOMWARE NUCLEI
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Title source: manual
Exploitation Summary
CVE-2025-61882 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 6, 2025, with confirmed use in ransomware campaigns.
EIP tracks 17 public exploits from researchers including watchtowrlabs, iSee857 and zerozenxlabs, as well as a Metasploit module, exploits/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-61882, targeting Oracle E-Business Suite with a pre-authentication RCE chain. The exploit leverages CSRF token retrieval, HTTP request smuggling, and XSLT-based Java runtime execution to achieve remote code execution.
Description
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Exploits (17)
This repository contains a functional exploit for CVE-2025-61882, targeting Oracle E-Business Suite with a pre-authentication RCE chain. The exploit leverages CSRF token retrieval, HTTP request smuggling, and XSLT-based Java runtime execution to achieve remote code execution.
The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying RCE by checking for 'uid=' and 'gid=' in the response.
This repository contains a functional exploit for CVE-2025-61882, targeting Oracle E-Business Suite. The exploit leverages SSRF and CRLF injection to achieve remote code execution (RCE) by crafting malicious HTTP requests and using a malicious server to deliver payloads.
This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042). The Python script demonstrates time-based blind SQLi via crafted HTTP headers, extracting admin credentials and password hashes.
This repository provides a detailed technical analysis and detection guidance for CVE-2025-61882, a pre-authentication RCE vulnerability in Oracle E-Business Suite (versions 12.2.3–12.2.14). It includes IOCs, detection rules for Splunk/Elastic, and a safe Python script for log analysis.
The repository contains detailed technical writeups for multiple CVEs, including command injection, XXE, SQLi, and RCE vulnerabilities. Each writeup provides vulnerability overviews, proof-of-concept details, and mitigation recommendations.
This repository contains a functional multi-threaded scanner and exploit for CVE-2025-61882, targeting Oracle E-Business Suite. The exploit leverages HTTP request smuggling and XSL payload delivery to achieve unauthenticated remote code execution (RCE).
The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and executable scripts.
This repository contains an NSE script for detecting Oracle E-Business Suite vulnerability CVE-2025-61882. It performs multi-tier checks including fingerprinting, version checks, and optional active probing for high-confidence detection.
This PoC demonstrates a remote code execution vulnerability in Oracle BI Publisher via insecure deserialization. It includes a Java exploit that generates a serialized payload and a bash script to simulate sending it to the vulnerable endpoint.
This repository contains functional exploit code for CVE-2025-61882, an unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS) BI Publisher. The exploit leverages server-side template injection via crafted XSLT/XML payloads, demonstrating pre-auth RCE through SSRF and CRLF injection techniques.
The repository contains only a minimal README with a CVE identifier and no functional exploit code or technical details. It appears to be a placeholder or stub.
The repository claims to provide a tool for detecting Oracle vulnerabilities (CVE-2025-61882 and CVE-2025-61884) but only contains a README with download links to a ZIP file. No actual exploit code or technical details are provided, raising suspicion.
This repository is a comprehensive academic writeup analyzing GDPR compliance, security frameworks, and a case study on the Oracle E-Business Suite breach involving CVE-2025-61882. It does not contain exploit code but provides a detailed incident response analysis.
This repository provides a Nuclei template for detecting Oracle E-Business Suite instances vulnerable to CVE-2025-61882 by checking the Last-Modified header date. It also includes a detection script for CVE-2025-61884.
This repository contains a functional exploit for CVE-2025-61882, a critical pre-authentication RCE vulnerability in Oracle E-Business Suite. The exploit chains SSRF, CRLF injection, HTTP smuggling, authentication bypass, and XSLT injection to achieve remote code execution.
This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by chaining SSRF, Path Traversal, HTTP request smuggling, and XSLT injection to achieve remote code execution. It hosts a malicious XSL file that the target fetches and processes, leading to an interactive shell session.
Nuclei Templates (1)
title="E-Business Suite"
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H