virus logo Intrusion Prevention

Oracle.E-Business.Suite.UiServlet.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution vulnerability in Oracle E-Business Suite.
The vulnerability is due to improper handling of untrusted input in the Oracle Concurrent Processing (BI Publisher Integration) component. An unauthenticated remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in remote code execution.

description-logoOutbreak Alert

Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Oracle E-Business Suite versions 12.2.3-12.2.14

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2026-01-14 35.151
Modified
 Sig Added
2025-10-16 34.102
Modified
 Default_action:pass:drop
2025-10-07 34.096
New
ID 59120
Created Oct 06, 2025
Updated Jan 14, 2026
CVE ID
Tags Oracle E-Business Suite RCE Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 88.16%
Default Action drop
Active
Affected OS Windows, Linux, Solaris, Other
Affected App Oracle
Profile Type Code Injection