FortiNDRCloud
SaaS based NDR solution providing 365 days data retention, along with Technical Success Manager
kcheung
Staff
Article Id 417156
Description

Oracle E-Business Suite is an integrated set of enterprise applications for automating and managing core business operations.


The Cl0p ransomware group has been seen actively exploiting CVE-2025-61882 in Oracle E-Business Suite.


CVE-2025-61882 is a remote code execution (RCE) vulnerability in Oracle E-Business Suite, specifically in the Concurrent Processing component (BI Publisher Integration).

An unauthenticated attacker can send a crafted request to run arbitrary code and take complete control of affected systems.


The following versions of Oracle E-Business Suite are vulnerable to CVE-2025-61882:

  • 12.2.3 ≤ Version ≤ 12.2.14

CVE ID

CVE-2025-61882 (https://nvd.nist.gov/vuln/detail/CVE-2025-61882)

NDR Cloud Detection Rule

FortiNDR Cloud v25.3c+

Detection Rule Name: FortiGuard Outbreak Alert: Oracle E-Business Suite Remote Code Injection - CVE-2025-61882

Category: Attack: Exploitation

Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook 

N/A

Threat Hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for "Oracle E-Business Suite RCE Zero-day" related activities.
IOC source: https://www.fortiguard.com/outbreak-ioc?tag=Oracle%20E-Business%20Suite%20RCE
All IOCs relating to "Oracle E-Business Suite RCE Zero-day" have been added to Threat Intelligence Intel.

Suricata Coverage

Customers can create custom investigation/detections using the Suricata signatures below:
2065105 -> ET WEB_SERVER Oracle E-Business Suite (EBS) Unauthenticated Server-Side Request Forgery (CVE-2025-61882)
2065106 -> ET WEB_SERVER Oracle E-Business Suite (EBS) CRLF Injection (CVE-2025-61882)
2065107 -> ET WEB_SERVER Oracle E-Business Suite (EBS) Authentication Filter Bypass (apps.example.com) (CVE-2025-61882)
2065108 -> ET WEB_SERVER Oracle E-Business Suite (EBS) XSL Transformation Outbound Fetch (CVE-2025-61882)
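
The following is an added example, not Fortinet's own code: a triage script that reads Suricata EVE JSON alert lines, keeps only the four signature IDs listed above, and reports per EBS server how many distinct signatures fired. The function name triage, the ebs_servers asset list and the sample events are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Signature IDs from the Suricata Coverage list above (labels shortened).
EBS_SIDS = {
    2065105: "Unauthenticated SSRF",
    2065106: "CRLF Injection",
    2065107: "Authentication Filter Bypass",
    2065108: "XSL Transformation Outbound Fetch",
}

def triage(eve_lines, ebs_servers):
    """Summarise CVE-2025-61882 alerts per EBS server from EVE JSON lines."""
    hits = defaultdict(lambda: {"sids": set(), "peers": set(), "first": None, "last": None})
    for line in eve_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(ev, dict) or ev.get("event_type") != "alert":
            continue
        sid = (ev.get("alert") or {}).get("signature_id")
        if sid not in EBS_SIDS:
            continue
        src, dst = ev.get("src_ip"), ev.get("dest_ip")
        # An alert on server-initiated traffic has the EBS host as src_ip, so
        # attribute by asset list; unknown hosts fall back to dest_ip (assumption).
        server, peer = (src, dst) if src in ebs_servers and dst not in ebs_servers else (dst, src)
        h, ts = hits[server], ev.get("timestamp", "")
        h["sids"].add(sid)
        h["peers"].add(peer)
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
    # Servers that tripped the most distinct signatures come first.
    return sorted(hits.items(), key=lambda kv: (-len(kv[1]["sids"]), str(kv[0])))

# Constructed sample events (documentation IP ranges), not real telemetry.
SAMPLE = [
    '{"timestamp":"2025-10-06T09:14:02.100000+0000","event_type":"alert","src_ip":"203.0.113.50","dest_ip":"10.0.5.20","alert":{"signature_id":2065105}}',
    '{"timestamp":"2025-10-06T09:14:03.200000+0000","event_type":"alert","src_ip":"203.0.113.50","dest_ip":"10.0.5.20","alert":{"signature_id":2065107}}',
    '{"timestamp":"2025-10-06T09:14:05.300000+0000","event_type":"alert","src_ip":"10.0.5.20","dest_ip":"198.51.100.7","alert":{"signature_id":2065108}}',
    '{"timestamp":"2025-10-06T09:20:00.000000+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"10.0.5.21","alert":{"signature_id":2065106}}',
    '{"timestamp":"2025-10-06T09:21:00.000000+0000","event_type":"flow","src_ip":"203.0.113.50","dest_ip":"10.0.5.20"}',
    '{"timestamp":"2025-10-06T09:22:00.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.5.20","alert":{"signature_id":2100498}}',
    'not json',
]

if __name__ == "__main__":
    for server, h in triage(SAMPLE, ebs_servers={"10.0.5.20", "10.0.5.21"}):
        print(f"{server}: {len(h['sids'])}/4 sids={sorted(h['sids'])} peers={sorted(h['peers'])} {h['first']} .. {h['last']}")
```

A server that appears with several distinct signature IDs in a short window is the one to investigate first; the peers set gives the addresses to pivot on in the threat-hunting search.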

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to:
https://www.fortiguard.com/outbreak-alert/oracle-e-business-suite-rce