Particle.news

Oracle Issues Emergency Patch for E‑Business Suite Zero‑Day Exploited by Cl0p

Mandiant confirms Cl0p used the zero‑day to steal Oracle EBS data.

Overview

  • CVE-2025-61882 enables unauthenticated remote code execution over HTTP in the BI Publisher Integration component of Oracle Concurrent Processing, impacting EBS versions 12.2.3 through 12.2.14 and carrying a 9.8 CVSS rating.
  • Oracle released fixes and published indicators of compromise, including two exploitation IP addresses, a reverse‑shell command, and file names and hashes tied to a leaked exploit archive.
  • BleepingComputer verified that the leaked Telegram archive from the group calling itself Scattered Lapsus$ Hunters matches Oracle’s IOCs, though any relationship with Cl0p remains unconfirmed.
  • Organizations are urged to apply the update, hunt for signs of compromise, and prepare for broad n‑day exploitation as Mandiant reports Cl0p also leveraged vulnerabilities patched in July alongside the new flaw.
  • Oracle advises customers to install the October 2023 Critical Patch Update as a prerequisite to the new security updates, with CSO Rob Duhart noting that the fixes address additional potential exploitation uncovered during the investigation.