Main Vulnerability Database Vulnerabilities #VU116601

Input validation error in Oracle E-Business Suite and Oracle Concurrent Processing - CVE-2025-61882

Published: October 6, 2025 / Updated: January 22, 2026

Vulnerability identifier: #VU116601

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2025-61882

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Oracle

Affected software:
Oracle E-Business Suite
Oracle Concurrent Processing

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the BI Publisher Integration component. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

How to mitigate CVE-2025-61882

Install updates from vendor's website.

Sources

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Input validation error in Oracle E-Business Suite and Oracle Concurrent Processing - CVE-2025-61882

Detailed vulnerability description

How to mitigate CVE-2025-61882

Sources

Please verify you're human