
Oracle Issues Emergency Patches for Critical E-Business Suite Vulnerabilities (CVE-2025-61882 & CVE-2025-61884)

Oracle has released two back-to-back emergency security updates to address critical vulnerabilities in its widely used E-Business Suite (EBS) — tracked as CVE-2025-61882 and CVE-2025-61884.

Both flaws affect Oracle EBS versions 12.2.3 through 12.2.14, and at least one (CVE-2025-61882) has already been actively exploited in the wild by threat actors.

CVE-2025-61882 – Critical, Exploited in the Wild

  • Severity: 9.8 (Critical)
  • Type: Unauthenticated Remote Code Execution (RCE)
  • Component: Concurrent Processing / BI Publisher Integration
  • Attack Vector: HTTP (network accessible, no authentication needed)

Attackers are reportedly using this zero-day to gain remote access to EBS servers and exfiltrate sensitive data.

Oracle confirmed the issue and released an out-of-band patch, urging customers to apply immediately. “Due to the severity and active exploitation of CVE-2025-61882, customers should treat this as an emergency patching event,” Oracle stated in its advisory.

CVE-2025-61884 – High-Severity Follow-Up Vulnerability

  • Severity: 7.5 (High)
  • Type: Unauthorized Access / Information Disclosure
  • Component: Runtime UI Component (Configurator)
  • Attack Vector: HTTP (no authentication)

Disclosed just days after the previous zero-day, this flaw impacts the UI runtime of EBS Configurator and could allow attackers to access sensitive business data. Oracle issued a second emergency patch to mitigate this risk, even though no exploitation has yet been reported.

Oracle’s Response

  • Patches for both vulnerabilities are now available via Oracle’s Security Alert portal.
  • Prerequisite: October 2023 Critical Patch Update (CPU) must be installed before applying the CVE-2025-61882 fix.
  • The alerts emphasize immediate action for all organizations running affected versions.

What Organizations Should Do Now

  1. Apply the patches immediately, especially for internet-facing EBS systems.
  2. Restrict access to EBS applications; avoid exposing them directly to the public internet.
  3. Check logs for signs of compromise, such as unusual HTTP POST requests to /OA_HTML/configurator/UiServlet.
  4. Monitor outbound connections from EBS servers — indicators of possible data exfiltration.
  5. Update WAF rules and intrusion detection signatures to block known exploit payloads.
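As an added example (not from the original post or from Oracle), the script below applies step 3 to web-server access logs: it parses Apache combined-format lines (an assumed format; adjust the regex for your front end or load balancer) and reports every POST to the Configurator UiServlet path, counted per source IP so a responder can see which hosts to triage first. The log lines are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample access-log lines (Apache combined format). The addresses,
# timestamps and user agents are illustrative placeholders, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Oct/2025:02:14:07 +0000] "POST /OA_HTML/configurator/UiServlet HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Oct/2025:02:14:09 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [06/Oct/2025:02:14:11 +0000] "POST /OA_HTML/configurator/UiServlet HTTP/1.1" 500 310 "-" "curl/8.4.0"
198.51.100.7 - - [06/Oct/2025:02:15:00 +0000] "GET /OA_HTML/configurator/UiServlet?x=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is deliberately malformed and must be skipped, not crash the scan
"""

# Combined log format: ip ident user [time] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Path named in the advisory guidance above; compared without its query string.
WATCHED_PATH = "/OA_HTML/configurator/UiServlet"


def find_uiservlet_posts(log_text):
    """Return (hits, per_ip) where hits is one dict per POST to WATCHED_PATH
    and per_ip is a Counter of those hits by source address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip so a real, noisy log does not abort the scan
        path = m.group("path").split("?", 1)[0]
        if m.group("method") == "POST" and path == WATCHED_PATH:
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "status": int(m.group("status")),
                "user_agent": m.group("ua") or "",
            })
    return hits, Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found, by_ip = find_uiservlet_posts(SAMPLE_LOG)
    for h in found:
        print(f'{h["time"]} {h["ip"]} status={h["status"]} ua="{h["user_agent"]}"')
    print("POSTs to UiServlet per source IP:", dict(by_ip))
```

Run it against a real access log with `find_uiservlet_posts(open(path).read())`; any match from an address outside your expected user population is a lead for incident response, not proof of compromise on its own.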

Final Word

If your organization runs Oracle E-Business Suite (12.2.3–12.2.14):

  • Patch immediately.
  • Hunt for signs of exploitation.
  • Stay updated with Oracle’s ongoing security alerts.

Enterprise systems are becoming prime targets. Neglecting these vulnerabilities could expose critical business data to attackers who are already exploiting them in the wild, so don’t delay patching. Stay secure, stay updated.

For any queries, write to us at marketing@cloverinfotech.com and our team of Oracle ERP experts will be glad to assist you.
