一、 漏洞 CVE-2025-61882 基础信息
漏洞信息
                                        # N/A

## 概述

Oracle Concurrent Processing(组件:BI Publisher Integration)中存在一个严重漏洞,允许未经身份验证的远程攻击者通过 HTTP 网络访问实施攻击,最终导致 Oracle Concurrent Processing 被完全接管。

## 影响版本

受影响的 Oracle E-Business Suite 支持版本包括:
- 12.2.3
- 12.2.4
- ...
- 至 12.2.14

## 漏洞细节

该漏洞易于利用,攻击者无需身份验证即可通过 HTTP 协议远程发起攻击。攻击成功后可对 Oracle Concurrent Processing 实现完全控制,无需用户交互,攻击向量为网络(AV:N),攻击复杂度低(AC:L),无权限要求(PR:N)。

CVSS 3.1 分值:9.8(严重)  
CVSS Vector:`(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)`

## 影响

成功利用该漏洞可导致:
- ** Confidentiality(机密性):严重受损  
- ** Integrity(完整性):严重受损  
- ** Availability(可用性):严重受损  

攻击者可完全控制 Oracle Concurrent Processing 模块,可能导致数据泄露、篡改及服务中断。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Oracle E-Business Suite 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Oracle E-Business Suite是美国甲骨文(Oracle)公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。 Oracle E-Business Suite 12.2.3版本至12.2.14版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过HTTP网络访问进行攻击,可能导致组件接管。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-61882 的公开POC
# POC 描述 源链接 神龙链接
1 Detection for CVE-2025-61882 https://github.com/rxerium/CVE-2025-61882 POC详情
2 None https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882 POC详情
3 Exploit for CVE-2025-61882 (do not use without any written permission). https://github.com/Sachinart/CVE-2025-61882 POC详情
4 Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caused by unauthenticated network access via HTTP, letting unauthenticated attackers fully compromise the system, exploit requires network access via HTTP. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-61882.yaml POC详情
5 CVE-2025-61882 https://github.com/B1ack4sh/Blackash-CVE-2025-61882 POC详情
6 None https://github.com/zerozenxlabs/CVE-2025-61882-Oracle-EBS POC详情
7 Detection for CVE-2025-61882 https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884 POC详情
8 None https://github.com/RootAid/CVE-2025-61882 POC详情
9 POC of CVE-2025-61882 https://github.com/MindflareX/CVE-2025-61882-POC POC详情
10 A critical pre-authentication Remote Code Execution (RCE) flaw in Oracle E-Business Suite (versions 12.2.3 - 12.2.14) allows attackers to gain full control over vulnerable servers via malicious HTTP requests - now actively exploited in the wild. https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit POC详情
11 Detects Oracle E-Business Suite (CVE-2025-61882). Detection: multi-tier checks — fingerprinting, version checks, endpoint & SSRF tests, timing analysis & controlled exploitation 4 high-confidence results. Default = safe fingerprinting only. Set aggressive=true 2 enable active/probing checks use w/caution. Provided By BattalionX BattalionX@proton.me https://github.com/BattalionX/http-oracle-ebs-cve-2025-61882.nse POC详情
12 CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit https://github.com/godnish/CVE-2025-61882 POC详情
13 🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats. https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884 POC详情
14 CVE-2025-61882 — Critical Oracle EBS RCE: Analysis & Response https://github.com/AshrafZaryouh/CVE-2025-61882-Executive-Summary POC详情
15 CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit https://github.com/GhoStZA-debug/CVE-2025-61882 POC详情
三、漏洞 CVE-2025-61882 的情报信息
四、漏洞 CVE-2025-61882 的评论

暂无评论

发表评论