FortiGuard Outbreak Alert: Oracle E-Business Suite RCE Zero-day
| Description | Oracle E-Business Suite is an integrated set of enterprise applications for automating and managing core business operations. An unauthenticated attacker can send a crafted request to run arbitrary code and take complete control of affected systems. |
| CVE ID | CVE-2025-61882 (https://nvd.nist.gov/vuln/detail/CVE-2025-61882) |
| NDR Cloud Detection Rule | FortiNDR Cloud v25.3c+ |
| Playbook | N/A |
| Threat Hunting | FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for "Oracle E-Business Suite RCE Zero-day" related activities (IOC source: https://www.fortiguard.com/outbreak-ioc?tag=Oracle%20E-Business%20Suite%20RCE). All IOCs relating to "Oracle E-Business Suite RCE Zero-day" have been added to Threat Intelligence Intel. |
| Suricata Coverage | Customers can create custom investigation/detections using the Suricata signatures below: 2065105 -> ET WEB_SERVER Oracle E-Business Suite (EBS) Unauthenticated Server-Side Request Forgery (CVE-2025-61882); 2065106 -> ET WEB_SERVER Oracle E-Business Suite (EBS) CRLF Injection (CVE-2025-61882); 2065107 -> ET WEB_SERVER Oracle E-Business Suite (EBS) Authentication Filter Bypass (apps.example.com) (CVE-2025-61882); 2065108 -> ET WEB_SERVER Oracle E-Business Suite (EBS) XSL Transformation Outbound Fetch (CVE-2025-61882) |
| Other Fortinet Products | For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to: https://www.fortiguard.com/outbreak-alert/oracle-e-business-suite-rce |
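
One way to turn the four Suricata signature IDs above into a per-server hunt over Suricata EVE JSON output. This is an added example, not Fortinet or Emerging Threats code: the `hunt` function, the `EBS_SERVERS` inventory and the sample log lines are constructed assumptions, and ranking servers by the number of distinct signatures is a triage heuristic, not something the alert prescribes.

```python
import json
from collections import defaultdict

# Signature IDs from the Suricata Coverage row of this alert.
EBS_SIDS = {2065105: "SSRF", 2065106: "CRLF Injection",
            2065107: "Authentication Filter Bypass",
            2065108: "XSL Transformation Outbound Fetch"}

# Assumption: inventory of your EBS servers (documentation addresses).
EBS_SERVERS = {"192.0.2.10", "192.0.2.20"}

# Constructed sample EVE JSON lines, not real telemetry.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2065105}}
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"signature_id":2065107}}
{"event_type":"alert","src_ip":"192.0.2.10","dest_ip":"203.0.113.50","alert":{"signature_id":2065108}}
{"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.20","alert":{"signature_id":2065106}}
{"event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.10","alert":{"signature_id":2100498}}
{"event_type":"http","src_ip":"198.51.100.7","dest_ip":"192.0.2.10"}
{"event_type":"alert","src_ip":"198.51.
"""

def hunt(eve_lines, servers=EBS_SERVERS):
    """Return [(server, [sids], [peers])], most distinct signatures first."""
    hits = defaultdict(lambda: (set(), set()))
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or rotated log line
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        sid = (ev.get("alert") or {}).get("signature_id")
        if sid not in EBS_SIDS:
            continue
        src, dst = ev.get("src_ip"), ev.get("dest_ip")
        # An alert can fire on inbound or server-initiated traffic, so
        # attribute it to whichever endpoint is a known EBS server.
        server, peer = (dst, src) if dst in servers else (src, dst)
        if server not in servers:
            continue
        hits[server][0].add(sid)
        hits[server][1].add(peer)
    rows = [(s, sorted(sids), sorted(peers)) for s, (sids, peers) in hits.items()]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for server, sids, peers in hunt(SAMPLE_EVE.splitlines()):
        print(server, [EBS_SIDS[s] for s in sids], peers)
```

To run it against real data, pass the lines of your `eve.json` and your own server inventory to `hunt` in place of the samples.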
