CVE-2025-53072 PoC — Oracle E-Business Suite 安全漏洞

Source

https://github.com/rxerium/CVE-2025-53072-CVE-2025-62481

Associated Vulnerability

Title:Oracle E-Business Suite 安全漏洞 (CVE-2025-53072)
Description:Oracle E-Business Suite是美国甲骨文（Oracle）公司的一套全面集成式的全球业务管理软件。该软件提供了客户关系管理、服务管理、财务管理等功能。Marketing是其中的一个基于互联网的营销管理组件。 Oracle E-Business Suite的Oracle Marketing 12.2.3版本至12.2.14版本存在安全漏洞，该漏洞源于未经验证的攻击者可通过HTTP网络访问进行攻击，可能导致Oracle Marketing被接管。

Description

Detection for CVE-2025-53072 + CVE-2025-62481

Readme

# <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Locked.png" alt="Locked" width="25" height="25" /> CVE-2025-53072 & CVE-2025-62481

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). 

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Magnifying%20Glass%20Tilted%20Left.png" alt="Search" width="25" height="25" /> How does this detection method work?

This Nuclei template detects Oracle E-Business Suite instances vulnerable to CVE-2025-53072 and CVE-2025-62481 by checking if the server's Last-Modified header indicates a build date before October 21, 2025 (the patch date), combined with identifying the E-Business Suite home page content and a 200 status response. Do note this is a script to fingerprint devices that are "likely" vulnerable to said CVE, not confirmed vulnerable. 

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Travel%20and%20places/Rocket.png" alt="Rocket" width="25" height="25" /> How do I run this script?

1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repostory to your local system.
3. Run the following command: 
```sh
nuclei -u <ip|fqdn> -t template.yaml
```

Or if you would like to scan a list of hosts, execute:
```sh
nuclei -l <list.txt> -t template.yaml
```

### Example Output

<img width="902" height="149" alt="Screenshot 2025-10-22 at 10 27 59" src="https://github.com/user-attachments/assets/5769d3cf-e932-4cc9-a902-72685c9ed6c2" />


## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Books.png" alt="Books" width="25" height="25" /> References

- https://www.oracle.com/security-alerts/cpuoct2025.html
- https://github.com/projectdiscovery/nuclei


## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Symbols/Warning.png" alt="Warning" width="25" height="25" /> Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

---

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Page%20with%20Curl.png" alt="License" width="25" height="25" /> License

This project is licensed under the MIT License.

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Smilies/Speech%20Balloon.png" alt="Contact" width="25" height="25" /> Contact

If you have any questions about this vulnerability detection script please reach out to me via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).

If you would like to connect, I am mostly active on [Twitter/X](https://x.com/rxerium) and [LinkedIn](https://www.linkedin.com/in/rxerium/).

File Snapshot


 [4.0K]  /data/pocs/a8bf6721e1ff87da8615e587336854740a2f5bb8
├── [1.0K]  LICENSE
├── [2.9K]  README.md
└── [1.2K]  template.yaml

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!