关联漏洞
标题:
Oracle E-Business Suite 安全漏洞
(CVE-2025-53072)
描述:Oracle E-Business Suite是美国甲骨文(Oracle)公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。Marketing是其中的一个基于互联网的营销管理组件。 Oracle E-Business Suite的Oracle Marketing 12.2.3版本至12.2.14版本存在安全漏洞,该漏洞源于未经验证的攻击者可通过HTTP网络访问进行攻击,可能导致Oracle Marketing被接管。
描述
Detection for CVE-2025-53072 + CVE-2025-62481
介绍
# <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Locked.png" alt="Locked" width="25" height="25" /> CVE-2025-53072 & CVE-2025-62481
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Magnifying%20Glass%20Tilted%20Left.png" alt="Search" width="25" height="25" /> How does this detection method work?
This Nuclei template detects Oracle E-Business Suite instances vulnerable to CVE-2025-53072 and CVE-2025-62481 by checking if the server's Last-Modified header indicates a build date before October 21, 2025 (the patch date), combined with identifying the E-Business Suite home page content and a 200 status response. Do note this is a script to fingerprint devices that are "likely" vulnerable to said CVE, not confirmed vulnerable.
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Travel%20and%20places/Rocket.png" alt="Rocket" width="25" height="25" /> How do I run this script?
1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repostory to your local system.
3. Run the following command:
```sh
nuclei -u <ip|fqdn> -t template.yaml
```
Or if you would like to scan a list of hosts, execute:
```sh
nuclei -l <list.txt> -t template.yaml
```
### Example Output
<img width="902" height="149" alt="Screenshot 2025-10-22 at 10 27 59" src="https://github.com/user-attachments/assets/5769d3cf-e932-4cc9-a902-72685c9ed6c2" />
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Books.png" alt="Books" width="25" height="25" /> References
- https://www.oracle.com/security-alerts/cpuoct2025.html
- https://github.com/projectdiscovery/nuclei
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Symbols/Warning.png" alt="Warning" width="25" height="25" /> Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
---
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Page%20with%20Curl.png" alt="License" width="25" height="25" /> License
This project is licensed under the MIT License.
## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Smilies/Speech%20Balloon.png" alt="Contact" width="25" height="25" /> Contact
If you have any questions about this vulnerability detection script please reach out to me via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).
If you would like to connect, I am mostly active on [Twitter/X](https://x.com/rxerium) and [LinkedIn](https://www.linkedin.com/in/rxerium/).
文件快照
[4.0K] /data/pocs/a8bf6721e1ff87da8615e587336854740a2f5bb8
├── [1.0K] LICENSE
├── [2.9K] README.md
└── [1.2K] template.yaml
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。