Oracle E-Business Suite Remote Code Vulnerability - 20251006001
Overview
A critical vulnerability has been identified in Oracle E-Business Suite (EBS) that may allow unauthenticated remote attackers to execute arbitrary code. This issue affects components commonly exposed in enterprise deployments and poses a significant risk to confidentiality, integrity, and availability.
What is Vulnerable
| Product | Component | Affected Version(s) | CVE ID | CVSS 3.1 Base Score | Severity |
|---|---|---|---|---|---|
| Oracle E-Business Suite | Oracle Applications Framework | 12.2.x | CVE-2025-61882 | 9.8 | Critical |
What has been Observed?
No active exploitation has been observed across WA Public Sector environments at this time. However, due to the nature of the vulnerability and its potential for remote code execution, threat actors may target unpatched systems in future campaigns.
Recommendation
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes:
- Review Oracle’s October 2025 Critical Patch Update.
- Apply relevant patches to Oracle EBS 12.2.x environments.
- Ensure external access to Oracle EBS components is restricted where possible.
- Monitor for unusual activity in application logs and network traffic.
Additional References
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):