NCSC Issues Alert on Active Exploitation of Oracle E-Business Suite 0-Day Vulnerability


The UK National Cyber Security Centre (NCSC) has issued a security alert following confirmation of active exploitation of a critical 0-day vulnerability, tracked as CVE-2025-61882, in Oracle E-Business Suite (EBS).

Oracle has released an urgent security update to address the issue, underscoring the immediate risk to organisations running affected EBS versions.

Critical Remote Code Execution Flaw in Oracle EBS

CVE-2025-61882 is a severe remote code execution vulnerability identified in the BI Publisher Integration component of Oracle Concurrent Processing within EBS.

According to Oracle’s advisory, the flaw enables a remote, unauthenticated attacker to send specially crafted HTTP requests to a vulnerable EBS instance, resulting in full compromise of the underlying system without requiring user interaction.

| Attribute | Value |
|---|---|
| CVE ID | CVE-2025-61882 |
| Product | Oracle E-Business Suite |
| Component | BI Publisher Integration (Oracle Concurrent Processing) |
| Vulnerability Type | Remote Code Execution |
| CVSS 3.1 Score | 9.8 (Critical) |
| Attack Vector | Network |

The vulnerability impacts Oracle EBS versions 12.2.3 through 12.2.14, posing the highest risk to organisations that have exposed their Oracle EBS deployments to the public internet.

The vulnerability carries a CVSS v3.1 base score of 9.8, and Oracle has confirmed that it is being actively exploited in the wild, enabling threat actors to gain unauthorised access and execute arbitrary commands.

Oracle has listed several indicators of compromise (IoCs), including suspicious IP addresses (200.107.207.26 and 185.181.60.11), known commands for outbound connections, and SHA256 hashes of related exploit files, to assist organisations in detection and response.

Guidance and Mitigation Steps

The NCSC urges all organisations running affected Oracle EBS versions to immediately assess their environments for compromise. Key recommendations include:

  • Perform a compromise assessment using the published IoCs from Oracle’s advisory.
  • Report suspected incidents: Impacted organisations in the UK should contact Oracle PSIRT and notify the NCSC via the reporting portal.
  • Apply security updates: Install the latest Oracle EBS update, ensuring the October 2023 Critical Patch Update is in place beforehand.
  • Harden network exposure: Limit direct internet access to Oracle EBS and follow Oracle’s deployment guidelines. The NCSC also provides best practices for securing network perimeters.
  • Continuous monitoring: Maintain robust network monitoring and threat hunting to detect and contain malicious activity.
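As a starting point for the compromise assessment, the following added example (not Oracle's or the NCSC's tooling) searches web access logs for the two IoC addresses quoted above. It assumes combined-format logs with an optional trailing quoted X-Forwarded-For field; the log lines, paths and timestamps are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# IoC addresses quoted in the article (from Oracle's advisory).
IOC_IPS = {ipaddress.ip_address(a) for a in ("200.107.207.26", "185.181.60.11")}

# Assumed layout: common/combined log format, optionally followed by a quoted
# X-Forwarded-For field written by a reverse proxy or load balancer.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "[^"]*")?(?: "(?P<xff>[^"]*)")?\s*$'
)

# Constructed sample lines (not real traffic).
SAMPLE = [
    '200.107.207.26 - - [02/Oct/2025:10:00:01 +0000] "POST /example/a HTTP/1.1" 200 512 "-" "ua"',
    '10.0.0.5 - - [02/Oct/2025:10:00:02 +0000] "GET /example/b HTTP/1.1" 200 128 "-" "ua" "185.181.60.11, 10.0.0.9"',
    '::ffff:200.107.207.26 - - [02/Oct/2025:10:00:03 +0000] "GET /example/c HTTP/1.1" 404 0',
    '185.181.60.111 - - [02/Oct/2025:10:00:04 +0000] "GET /example/d HTTP/1.1" 200 64 "-" "ua"',
    'corrupted line',
]

def candidate_ips(peer, xff):
    """Yield every parseable address from the peer field and the XFF chain."""
    for raw in [peer] + (xff.split(",") if xff else []):
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue
        # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it still matches.
        yield getattr(ip, "ipv4_mapped", None) or ip

def find_ioc_hits(lines):
    """Return ({ioc_ip: [(line_no, timestamp, request, status)]}, unparsed_count)."""
    hits, unparsed = defaultdict(list), 0
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # count these: unparsed lines are unchecked lines
            continue
        # XFF is client-controlled: a hit there is a lead to verify, not proof.
        for ip in candidate_ips(m["peer"], m["xff"]):
            if ip in IOC_IPS:  # exact address match, so 185.181.60.111 is not flagged
                hits[str(ip)].append((n, m["ts"], m["req"], m["status"]))
                break
    return dict(hits), unparsed

if __name__ == "__main__":
    print(find_ioc_hits(SAMPLE))
```

A clean result covers only these two addresses; the file hashes and commands listed in Oracle's advisory need their own checks.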

The NCSC reiterates the importance of reducing the attack surface by minimising externally accessible software.

For organisations where internet exposure is necessary, security controls and segmentation are critical.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.