Unauthenticated Access Vulnerability in Oracle E-Business Suite - BI Publisher Integration
CVE-2025-61882

9.8CRITICAL

Key Information:

Vendor

Oracle

Vendor
CVE Published:
5 October 2025

What is CVE-2025-61882?

A security vulnerability in Oracle's Concurrent Processing component of the E-Business Suite could allow an unauthenticated attacker to gain unauthorized access through HTTP. The affected software versions range from 12.2.3 to 12.2.14. Successful exploitation may lead to complete control over the Oracle Concurrent Processing environment, posing serious risks to confidentiality, integrity, and availability. Organizations using these versions should implement security measures promptly to mitigate potential intrusions.

Affected Version(s)

Oracle Concurrent Processing 12.2.3 <= 12.2.14

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-61882 : Unauthenticated Access Vulnerability in Oracle E-Business Suite - BI Publisher Integration