First published: 07 Oct 2025
Last updated: 07 Oct 2025

Content written for

Small & medium business
Large organisations & infrastructure
Government

This alert is intended for a technical audience. It has been written primarily for; but is not limited to, business and government.

Background

  • Oracle has identified the following vulnerability in Oracle E-Business Suite.
  • CVE-2025-61882: This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.

The following supported versions of Oracle E-Business Suite are affected by the vulnerability:

  • Oracle E-Business Suite  12.2.3 - 12.2.14

Mitigation advice

Australian organisations should review their networks for use of vulnerable instances of the Oracle E-Business Suite products, and consult Oracle Security Advisory for mitigation advice.

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via  1300 CYBER1 (1300 292 371).

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?