Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Oracle E-Business Suite BI Publisher Integration Oracle Concurrent Processing Remote Code Execution Vulnerability

Vulnerability

Exploited

A remote code execution vulnerability has been identified in the Oracle Concurrent Processing component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful exploitation can lead to a complete takeover of the Oracle Concurrent Processing environment.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Oracle recommends that customers apply the updates provided in the Oracle E-Business Suite Patch Availability Document as soon as possible. The October 2023 Critical Patch Update is a prerequisite for applying these updates.

Added: Oct 5, 2025, 4:17 AM

Updated: Oct 6, 2025, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

7.7

relevance

0.6

threat

9.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.4

remediation

7.7

relevance

0.6

threat

9.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Oracle E-Business Suite BI Publisher Integration Oracle Concurrent Processing Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Oracle Concurrent Processing

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating