NCSC has issued an pressing warning concerning a important zero-day flaw in Oracle E-Enterprise Suite (EBS) that’s at the moment being exploited within the wild.
Tracked as CVE-2025-61882, the vulnerability resides within the BI Writer Integration element of Oracle Concurrent Processing and permits unauthenticated distant code execution.
Organisations working EBS variations 12.2.3 by means of 12.2.14—particularly these uncovered to the web are on the highest threat.
Oracle BI Writer Flaw (CVE-2025-61882)
Oracle’s safety alert confirms that an attacker can ship specifically crafted HTTP requests to the BI Writer Integration servlet with none prior authentication, attaining full system compromise.
No person interplay is required. A proof-of-concept HTTP request sample resembles the next:
Profitable exploitation may enable arbitrary command execution below the Oracle EBS utility account, probably resulting in knowledge exfiltration, system takeover, or lateral motion throughout the company community.
Indicators of compromise (IoCs) printed in Oracle’s advisory embody anomalous servlet URIs, sudden youngster processes spawned by $XBPSRV, and suspicious outbound connections on non-standard ports.
The NCSC is carefully monitoring incident stories and has noticed a number of exploitation makes an attempt in opposition to UK organisations.
Uncovered EBS situations on the general public web are the first goal, though inside networks missing correct segmentation can also be susceptible to menace actors who acquire an preliminary foothold.
Danger FactorsDetailsAffected ProductsOracle E-Enterprise Suite (EBS) 12.2.3 – 12.2.14; BI Writer Integration element of Oracle Concurrent ProcessingImpactRemote code execution (RCE)Exploit PrerequisitesNetwork entry to uncovered BI Writer Integration endpoint; no authentication or person interplay requiredCVSS 3.1 Score9.8 (Crucial)
Mitigation
To handle CVE-2025-61882, the NCSC urges UK organisations to undertake a defense-in-depth strategy.
Apply Oracle’s October 2023 Crucial Patch Replace adopted by the devoted EBS patch for CVE-2025-61882. Oracle’s advisory offers detailed set up directions.
Leverage the printed IoCs to scan logs, internet entry information, and course of listings for indicators of exploitation. Instruments corresponding to grep and SIEM guidelines might help establish:
Restrict public publicity of Oracle EBS parts. The place web entry is unavoidable, implement internet utility firewalls (WAFs), strict entry management lists (ACLs), and community perimeter pointers as outlined by the NCSC.
Deploy EDR brokers on utility servers and conduct behavioral evaluation to detect anomalous youngster processes or uncommon outbound site visitors.
If compromise is suspected, contact Oracle PSIRT and report back to the NCSC through its on-line portal. Early notification might help coordinate response and menace intelligence sharing.
Extra free NCSC assets embody steering on vulnerability administration, stopping lateral motion, and the Early Warning service for real-time alerts.
By taking these precautions, Oracle E-Enterprise Suite resilience can be strengthened in opposition to current and upcoming vulnerabilities.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
