Oracle E-Business Suite Remote Code Vulnerability - 20251006001

Overview

A critical vulnerability has been identified in Oracle E-Business Suite (EBS) that may allow unauthenticated remote attackers to execute arbitrary code. This issue affects components commonly exposed in enterprise deployments and poses a significant risk to confidentiality, integrity, and availability.

What is Vulnerable

| Product | Component | Affected Version(s) | CVE ID | CVSS 3.1 Base Score | Severity |
|---|---|---|---|---|---|
| Oracle E-Business Suite | Oracle Applications Framework | 12.2.x | CVE-2025-61882 | 9.8 | Critical |

What has been Observed?

No active exploitation has been observed across WA Public Sector environments at this time. However, due to the nature of the vulnerability and its potential for remote code execution, threat actors may target unpatched systems in future campaigns.

Recommendation

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes:

  • Review Oracle’s October 2025 Critical Patch Update.
  • Apply relevant patches to Oracle EBS 12.2.x environments.
  • Ensure external access to Oracle EBS components is restricted where possible.
  • Monitor for unusual activity in application logs and network traffic.

Additional References

The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):