This alert is intended for a technical audience. It has been written primarily for; but is not limited to, business and government.
Background
- Oracle has identified the following vulnerability in Oracle E-Business Suite.
- CVE-2025-61882: This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
The following supported versions of Oracle E-Business Suite are affected by the vulnerability:
- Oracle E-Business Suite 12.2.3 - 12.2.14
Mitigation advice
Australian organisations should review their networks for use of vulnerable instances of the Oracle E-Business Suite products, and consult Oracle Security Advisory for mitigation advice.
Where to get help
Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).