curl --request POST \
--url https://api.threatbook.io/v2/vulnerability/query

{
"data": {
"items": [
{
"evaluation": {
"x_vpt": {
"vpr": 10,
"vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
"risk_level": "High"
},
"cvss_v4": {
"cvss_basic_score": 9.3,
"cvss_grade": "CRITICAL",
"cvss_vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_attack_complexity": "LOW",
"cvss_attack_vector": "NETWORK",
"cvss_ui": "NONE",
"cvss_attack_requirements": "NONE",
"cvss_vulnerable_system_confidentiality": "HIGH",
"cvss_vulnerable_system_integrity": "HIGH",
"cvss_vulnerable_system_availability": "HIGH",
"cvss_subsequent_system_confidentiality": "NONE",
"cvss_subsequent_system_integrity": "NONE",
"cvss_subsequent_system_availability": "NONE"
}
},
"cvss_v3": {
"cvss_basic_score": 9.8,
"cvss_grade": "CRITICAL",
"cvss_exploitability": 5.9,
"cvss_impact_subscore": 3.9,
"cvss_vector_string": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_confidentiality": "HIGH",
"cvss_attack_complexity": "LOW",
"cvss_integrity": "HIGH",
"cvss_availability": "HIGH",
"cvss_attack_vector": "NETWORK",
"cvss_scope": "UNCHANGED",
"cvss_ui": "NONE"
}
},
"cvss_v2": {}
},
"impact": {
"platform": [
"Applications"
],
"affected_vendors_products": [
{
"product": "Oracle E-Business Suite",
"vendor": "Oracle",
"version": [],
"version_comparison": {
"including": [],
"excluding": [],
"version_list": [
{
"range": "12.2.3<=version<=12.2.14"
}
]
},
"vendor_alias": [
"oracle",
"Weblogic-framework Project",
"Weblogic-framework",
"weblogic-framework_project",
"Weblogic-framework_",
"weblogicframework",
"Oracle Financial Services Applications",
"oraclefinancialservicesapplications",
"Oracle Financial Services",
"oraclefinancialservices",
"Oracle Corporation",
"oraclecorporation",
"Oracle Retail Applications",
"oracleretailapplications",
"Oracle Sun",
"oraclesun",
"Oracle AB",
"oracleab",
"Diagnostics Oracle",
"diagnosticsoracle",
"oracle8i",
"bea",
"bea_systems",
"Bea Systems",
"beasystems",
"jiaguwengufenyouxiangongsi",
"jiaguwen",
"mysql",
"Mysql Project",
"MySQL AB",
"mysqlab",
"weblogicframeworkproject",
"mysql_project",
"mysqlproject",
"E-Business Suite Oracle",
"ebusinesssuiteoracle",
"Oracle PeopleSoft",
"oraclepeoplesoft",
"Oracle Virtualization",
"oraclevirtualization",
"Oracle Hospitality",
"oraclehospitality",
"Oracle Communications Applications",
"oraclecommunicationsapplications"
],
"product_alias": [
"Oracle Concurrent Processing",
"oracleconcurrentprocessing",
"concurrent_processing",
"Concurrent Processing",
"concurrentprocessing",
"Oracle E-Business Suite",
"e-business_suite",
"oracleebusinesssuite",
"ebusinesssuite",
"E-business Suite"
]
}
],
"cpe": [
{
"cpe_match": [
{
"cpe_uri": "cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*",
"cpe_name": [
"cpe:2.3:a:oracle:concurrent_processing:12.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.14:*:*:*:*:*:*:*"
]
}
]
}
],
"affected_components": []
},
"intelligence": {
"tag": [
"RCE",
"PoC Disclosure",
"KEV"
],
"has_poc_public": true,
"has_poc_threatbook": false,
"has_kev": true,
"is_highrisk": true,
"has_solution": true
},
"pocs": [
{
"description": "A critical pre-authentication Remote Code Execution (RCE) flaw in Oracle E-Business Suite (versions 12.2.3 - 12.2.14) allows attackers to gain full control over vulnerable servers via malicious HTTP requests - now actively exploited in the wild.",
"title": "CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit",
"url": "https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit",
"file_url": "https://ati.threatbook.io/api/web/vul/download/59def82321bdbb8492b4adffe33cfc7f.zip?key=975c712850e38f76a2362f904afd1a278d37971afc0c190cdeda5c0aebecc72b81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075aff9f4abe74030bdf6df47ef3e0b9812",
"x_verified": false
},
{
"description": "Detection for CVE-2025-61882",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/c519872ec494e7f0eb6c5056660860bd.zip?key=0416022e625679aa237e804942d7a95b497ffa1f0f8081a63567e7f68b94e57781dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075aff9f4abe74030bdf6df47ef3e0b9812",
"x_verified": false
},
{
"description": "🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/b21d5016a975fd7ae662a99676c3866c.zip?key=dc893a9181054078068fae5024a9ba02eb0edf5a6670eab484749382dce2d62281dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit ",
"title": "CVE-2025-61882",
"url": "https://github.com/godnish/CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/87828f0d1c77dd5ea869350427dd6d0b.zip?key=da2322ac46e02031af07e96eea6cb6b270c61a3a74b247759a819b1ed3609b6181dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "CVE-2025-61882 — Critical Oracle EBS RCE: Analysis & Response",
"title": "CVE-2025-61882-Executive-Summary",
"url": "https://github.com/AshrafZaryouh/CVE-2025-61882-Executive-Summary",
"file_url": "https://ati.threatbook.io/api/web/vul/download/0ec8b93deb689a8742a058b037997af8.zip?key=62cbefd1a96655fd1c74996d266fb342c0135e4c5d6af615a5e378f4f33a2a0e81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "CVE-2025-61882-Oracle-EBS",
"url": "https://github.com/zerozenxlabs/CVE-2025-61882-Oracle-EBS",
"file_url": "https://ati.threatbook.io/api/web/vul/download/15f5430fa4a3d158136754b5e34056e4.zip?key=05b86aea1af570fafcf13564a8c12a6572dc4a93d8202cdca78b5f2beb8b762681dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyetlerden sorumlu olmayacağım.",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/Zhert-lab/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/ffab9970d7ad04a659a16d8ec5fe3e80.zip?key=af4b5059b8d220b57a69274b369cf86ab615e4d118ac965124562ee803d62f1f81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882",
"url": "https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/41bb534370877854cc581b8163959b8e.zip?key=89e0cf34fd3747bd49594f4e19885f611ca09c875dcdf9a88a7296b3f4be053a81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "CVE-2025-61882",
"url": "https://github.com/RootAid/CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/050f5f5ad420684eed576efc1a74e338.zip?key=42f73c1e2d4a8f179f6bad2e0cd37611f1fa98dbac36bb2c435bf25da37997c481dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "",
"title": "/http/cves/2025/CVE-2025-61882.yaml",
"url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-61882.yaml",
"file_url": "https://ati.threatbook.io/api/web/vul/download/c0f578ccf57826481d529c7c34d21956.zip?key=6afb6d3eaa3e78c4258b9329b62f2e1b864937fa656593f39d6ed25984e74b4f81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "Detects Oracle E-Business Suite (CVE-2025-61882). Detection: multi-tier checks — fingerprinting, version checks, endpoint & SSRF tests, timing analysis & controlled exploitation 4 high-confidence results. Default = safe fingerprinting only. Set aggressive=true 2 enable active/probing checks use w/caution. Provided By BattalionX BattalionX@proton.me",
"title": "http-oracle-ebs-cve-2025-61882.nse",
"url": "https://github.com/BattalionX/http-oracle-ebs-cve-2025-61882.nse",
"file_url": "https://ati.threatbook.io/api/web/vul/download/f024d135178b17a5c455ac87bbfdbe30.zip?key=34373d1231c7b721cda7e1232df02152f33c6b29116973fafc99bda0e74dfcca81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "POC of CVE-2025-61882 ",
"title": "CVE-2025-61882-POC",
"url": "https://github.com/MindflareX/CVE-2025-61882-POC",
"file_url": "https://ati.threatbook.io/api/web/vul/download/42757c9c79fce46d53ab731d50540b69.zip?key=4419d14dbe29f9a161f66cc19bf53ad4c2473b04ac58141a2ea5328f5886694b81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
}
],
"solutions": [
{
"type": 0,
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"Threatbook Lab"
],
"text": "The official version has been updated to address security vulnerabilities. Please visit the following link to download the latest update."
},
{
"type": 1,
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"AI"
],
"text": "The official authorities have released a new version addressing this vulnerability, and it is highly recommended that affected users upgrade to the latest version promptly."
}
],
"patches": [
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"AI"
],
"version": [],
"text": "The official patch addressing this vulnerability has been released. Affected users are strongly advised to apply the Oracle Security Alert CVE-2025-61882 patch [1][3] to ensure system security."
}
],
"path": [
"/OA_HTML/configurator/UiServlet,/OA_HTML/help/../ieshostedsurvey.jsp",
"/OA_HTML/configurator/UiServlet",
"/OA_HTML/help/../ieshostedsurvey.jsp"
],
"link": "https://portal-test.threatbook-inc.cn/vulnerability/XVE-2025-36247",
"basic_info": {
"description": "Oracle E-Business Suite (Oracle EBS) is a comprehensive, integrated enterprise-level business application suite developed by Oracle Corporation, designed to help businesses of all sizes digitize, automate, and optimize critical business processes. Leveraging over 30 years of Oracle's technological expertise, it continues to expand its functionality and innovate, finding widespread application in core business areas such as finance, human resources, supply chain management, and customer relationship management. \n\nAttackers can exploit this module through unauthenticated HTTP requests by taking advantage of input validation flaws in XML parameter processing, leading to server-side request forgery (SSRF) attacks. Due to insufficient CRLF protection, CRLF injection can be used during SSRF to manipulate HTTP requests, while path traversal vulnerabilities may bypass authentication. These can subsequently be combined with XSLT injection to achieve remote code execution.",
"references": [
{
"text": "",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61882&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url="
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/the-hacker-news/oracle-0-day-bitlocker-bypass-vmscape-whatsapp-worm-more/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247494137&idx=1&sn=3dca11368ff3ac2ad1173747935ed03b"
},
{
"text": "",
"url": "https://sosransomware.com/ransomware/cl0p-oracle-ebs-une-centaine-entreprises-piratees-en-quelques-semaines/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/27517"
},
{
"text": "",
"url": "https://buaq.net/go-380014.html"
},
{
"text": "",
"url": "https://databreaches.net/category/hack/page/10/"
},
{
"text": "",
"url": "https://securitycurated.com/infrastructure-and-network-security/can-a-court-stop-clops-nhs-dark-web-leak/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/13546/amp"
},
{
"text": "",
"url": "https://firecompass.com/weekly-cybersecurity-intelligence-report-cyber-threats-breaches-2-dec-10-dec-2/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/google-and-mandiant-uncover-oracle-hack/"
},
{
"text": "",
"url": "https://cybermaterial.com/google-and-mandiant-uncover-oracle-hack/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/envoy-air-american-airlines-confirms-oracle-ebs-0-day-breach-linked-to-cl0p/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458605947&idx=3&sn=bb7036139789a7cff46a66928f33f0d3"
},
{
"text": "",
"url": "https://www.hipaajournal.com/nch-corporation-foundation-health-partners-one-community-health-breach/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/best-of-2025-oracle-breach-the-impact-is-bigger-than-you-think-grip/"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/06/zero-day-in-zimbra-e-oracle-ebs-attacchi-con-file-icalendar-e-rce-estorsive-da-clop/"
},
{
"text": "",
"url": "https://databreaches.net/2025/10/06/update-on-the-emerging-cl0p-extortion-campaign-targeting-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8732"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8710"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8712"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514291&idx=1&sn=fc37fdc44a6cd4021c8e788cbcc5ffb9"
},
{
"text": "",
"url": "https://securityaffairs.com/183049/security/u-s-cisa-adds-oracle-mozilla-microsoft-windows-linux-kernel-and-microsoft-ie-flaws-to-its-known-exploited-vulnerabilities-catalog.html"
},
{
"text": "",
"url": "https://blog.onsec.io/cyber-daily-10-7-oracle-e-business-suite-zero-day-exploited-fbi-uk-urge-patching-ais-role-in-cyber-defense-microsoft-warns-of-windows-10-vulnerability/"
},
{
"text": "",
"url": "https://thecyberwire.com/podcasts/daily-podcast/2407/transcript"
},
{
"text": "",
"url": "https://news.backbox.org/2025/10/07/skipping-the-airpods-pro-3-your-best-alternative-are-at-their-lowest-price-ever/"
},
{
"text": "",
"url": "https://news.backbox.org/2025/10/07/why-this-350-google-pixel-9a-deal-is-the-only-one-im-considering-for-prime-day/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-8-2025-405-pm/"
},
{
"text": "",
"url": "https://www.secrss.com/articles/83778"
},
{
"text": "",
"url": "https://www.technadu.com/over-100-organizations-affected-in-oracle-hacking-campaign-by-cl0p-ransomware/611187/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-10-2025-405-pm/"
},
{
"text": "",
"url": "https://www.purple-ops.io/resources-hottest-cves/velociraptor-cve-2025-6264-ransomware/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9781"
},
{
"text": "",
"url": "https://securityleaders.com.br/mais-de-100-empresas-sao-afetadas-por-ataque-hacker-a-oracle-aponta-google/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9752"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9746"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-12-2025-1041-am/"
},
{
"text": "",
"url": "https://cybernoz.com/week-in-review-hackers-extorting-salesforce-centrestack-0-day-exploited/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485149&idx=1&sn=831df51dce1ae3d1fea6efa0bd4f1e77"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/daily-ransomware-report-1013-2025/"
},
{
"text": "",
"url": "https://cybernoz.com/security-affairs-newsletter-round-545-by-pierluigi-paganini-international-edition/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247495017&idx=5&sn=8537ea32aa2402e3f02aa08f1c0a3d37"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247503335&idx=2&sn=49cec17929b4f7bab0e5e6cbc5450cdf"
},
{
"text": "",
"url": "https://resources.blackkite.com/blog/focus-friday-tprm-insights-on-oracle-ebs-jenkins-redis-draytek-vigor-zimbra-elastic-django-grafana-sillytavern-and-wp-yoast-seo/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651136513&idx=1&sn=d26ea5edaf6b96696f231aaa0f03d05b"
},
{
"text": "",
"url": "https://blog.rsisecurity.com/zero-day-vulnerabilities-2025-threats-and-mitigation/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/12652"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkxMzAzMjU0OA==&mid=2247553396&idx=2&sn=5e2c0c0431b8ca71fe769d3c2a4194de"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/11839"
},
{
"text": "",
"url": "https://thecyberthrone.in/2025/10/20/unmasking-the-festival-of-ligths-hidden-cyber-threats/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAwODU5NzYxOA==&mid=2247506594&idx=1&sn=57039c1f6e303ebdf22fb0af656c06b4"
},
{
"text": "",
"url": "https://www.dailysecu.com/news/articleView.html?idxno=201262"
},
{
"text": "",
"url": "https://www.cysecurity.news/2025/10/clop-ransomware-exploits-oracle-zero.html"
},
{
"text": "",
"url": "https://cybernoz.com/clop-ransomware-group-exploits-new-0-day-vulnerabilities-in-active-attacks/"
},
{
"text": "",
"url": "https://blog.netmanageit.com/clop-ransomware-dissecting-network-the-raven-file/"
},
{
"text": "",
"url": "https://theravenfile.com/2025/11/04/clop-ransomware-dissecting-network/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/oracle-possible-unauthorized-access-by-clop-ransomware-group-exploiting-known-vulnerability/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/large-scale-cyberattack-campaign-targeting-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/oracle-e-business-suite-zero-day-attacks-google-and-mandiant-publish-attack-techniques-and-defenses/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/clop-zero-day-attacks/"
},
{
"text": "",
"url": "https://csirt.telconet.net/comunicacion/boletines-servicios/explotacion-critica-de-vulnerabilidad-en-oracle-e-business-suite-por-ransomware-cl0p/"
},
{
"text": "",
"url": "https://cybsec.world/nn/oracle-zero-day-ble-utnyttet-av-cl0p-flere-maneder-for-sikkerhetsoppdateringen/"
},
{
"text": "",
"url": "https://cybsec.world/oracle-zero-day-cl0p-exploited/"
},
{
"text": "",
"url": "https://cybsec.world/nn/oracle-ebs-zero-day-ble-utnyttet-i-clop-datatvitslopsangrep-og-er-na-fikset/"
},
{
"text": "",
"url": "https://cybsec.world/nn/hackere-utnytter-kritisk-oracle-ebs-sarbarhet-for-utpressing/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/sato-overseas-group-possible-data-leak-oracle-ebs-zero-day-cve-2025-61882/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTYxODQxNg==&mid=2247487178&idx=1&sn=ac72d5933bee184338a6a3e0af3ae72e"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/clop-ransomware-targets-oracle-ebs-cve-2025-61882-61884-lists-30-companies/"
},
{
"text": "",
"url": "https://teamwin.in/cl0p-ransomware-group-allegedly-claims-breach-of-entrust-in-oracle-0-day-ebs-hack/"
},
{
"text": "",
"url": "https://entryzero.ai/blog/allianz-breach/"
},
{
"text": "",
"url": "https://cyberinsider.com/logitech-customer-data-exposed-in-zero-day-flaw-cyberattack/"
},
{
"text": "",
"url": "https://dailysecurityreview.com/cyber-security/logitech-confirms-data-breach-after-clop-ransomware-attacks-oracle-systems/"
},
{
"text": "",
"url": "https://cybernoz.com/logitech-confirms-data-breach-help-net-security/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247501605&idx=2&sn=035e16bc79c227b11d7b230c59d6c787"
},
{
"text": "",
"url": "https://buaq.net/go-376966.html"
},
{
"text": "",
"url": "https://teamwin.in/lessons-from-oracle-e-business-suite-hack-that-allegedly-compromises-nearly-30-organizations-worldwide/"
},
{
"text": "",
"url": "https://buaq.net/jump-376966.htm"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/cyber-security-news/oracle-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://gbhackers.com/clop-ransomware-claims-oracle-breach-using-e-business-suite-0-day/"
},
{
"text": "",
"url": "https://cybersecuritynews.com/broadcom-allegedly-breached-by-clop-ransomware/"
},
{
"text": "",
"url": "https://cybernoz.com/broadcom-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://undercodenews.com/clops-zero-day-shockwave-oracle-listed-as-victim-in-a-high-stakes-ransomware-extortion-campaign/"
},
{
"text": "",
"url": "https://securebulletin.com/oracle-hit-clops-zero-day-exploit-leaves-tech-giant-exposed/"
},
{
"text": "",
"url": "https://meterpreter.org/cl0p-zero-day-hits-oracle-e-business-suite-cve-2025-61882-compromising-global-giants/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-november-24-2025-405-pm/"
},
{
"text": "",
"url": "https://thecybernews.com/oracle-hit-by-clop/"
},
{
"text": "",
"url": "https://healsecurity.com/canon-allegedly-breached-by-clop-ransomware-via-oracle-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/daily-ransomware-1-1-2026/"
},
{
"text": "",
"url": "https://cybersecuritynews.com/canon-breached-clop-ransomware-oracle-ebs-hack/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/oracle-releases-emergency-patch-for-e-business-suite-as-ransomware-gang-pushes-extortion-campaign-d-f-0-7-4"
},
{
"text": "",
"url": "https://www.resecurity.com/blog/article/cve-2025-61882-mass-exploitation-oracle-e-business-suite-ebs-under-attack-by-cl0p-ransomware"
},
{
"text": "",
"url": "https://securityonline.info/oracle-ebs-zero-day-cve-2025-61882-under-active-rce-exploitation-by-graceful-spider/"
},
{
"text": "",
"url": "https://www.theregister.com/2025/10/07/clop_oracle_ebs/"
},
{
"text": "",
"url": "https://securitycurated.com/malware-and-threats/how-does-sophisticated-malware-target-oracle-ebs-zero-days/"
},
{
"text": "",
"url": "https://buaq.net/go-367586.html"
},
{
"text": "",
"url": "https://undercodenews.com/cl0p-ransomware-group-exploits-oracle-e-business-suite-flaw-cve-2025-61882-a-new-cyberstorm-unfolds/"
},
{
"text": "",
"url": "https://cybersecuritycast.com/%d9%86%d8%b5%d9%88%d8%b5-%d8%a7%d8%b3%d8%aa%d8%ba%d9%84%d8%a7%d9%84-%d9%85%d8%b3%d8%b1%d8%a8%d8%a9-%d9%82%d8%af-%d8%aa%d8%b4%d8%b9%d9%84-%d9%85%d9%88%d8%ac%d8%a9-%d9%87%d8%ac%d9%85%d8%a7%d8%aa-%d8%ac/"
},
{
"text": "",
"url": "https://www.theregister.com/2025/10/09/miscreants_head_start_oracle_ebs_invasion/"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/10/cl0p-viola-oracle-ebs-mandiant-indaga-e-aws-corre-ai-ripari/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247533015&idx=1&sn=503b9d6a19714dc4da938c0db3732488"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/harvard-university-investigates-data-breach-linked-to-critical-oracle-zero-day-flaw-l-7-3-g-1"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/13/harvard-indaga-su-zero-day-oracle-ed-europol-traccia-vittime-nellhackaton-empact-thb/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247493792&idx=1&sn=fe15e810c021cb77e9a99d8008238d14"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/harvard-university-investigates-possible-data-breach-from-oracle-e-business-suite-zero-day-attack-as-clop-threatens-leak/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247495033&idx=3&sn=652161f36966bb3f6d9b010df6379a1b"
},
{
"text": "",
"url": "https://www.redhotcyber.com/post/universita-di-harvard-colpita-da-campagna-di-hacking-tramite-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/security-week-news/american-airlines-subsidiary-envoy-air-hit-by-oracle-hack/"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/security-week-news/cisa-confirms-exploitation-of-latest-oracle-ebs-vulnerability/"
},
{
"text": "",
"url": "https://www.seqrite.com/blog/anatomy-of-the-red-hat-intrusion-crimson-collective-and-slsh-extortions/"
},
{
"text": "",
"url": "https://www.darkreading.com/vulnerabilities-threats/oracle-ebs-attack-victims-more-numerous-expected"
},
{
"text": "",
"url": "https://undercodenews.com/washington-post-data-breach-nearly-10000-employees-and-contractors-affected-in-oracle-hack/"
},
{
"text": "",
"url": "https://gbhackers.com/clop-ransomware/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/allianz-uk-reports-breach-through-compromise-of-oracle-e-business-suite-w-o-n-k-y"
},
{
"text": "",
"url": "https://www.theregister.com/2025/11/11/hitachiowned_globallogic_admits_data_stolen/"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/globallogic-warns-10-000-employees-of-data-theft-after-oracle-breach/"
},
{
"text": "",
"url": "https://undercodenews.com/hitachi-subsidiary-globallogic-hit-by-clop-ransomware-attack-exploiting-oracle-zero-day/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/nhs-investigating-potential-breach-after-ransomware-group-claims-breach-of-oracle-e-business-suite-q-e-4-y-n"
},
{
"text": "",
"url": "https://cybersecuritynews.com/entrust-oracle-0-day-ebs-hack/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/washington-post-oracle-ebs-attack-9720-data-leak/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458604320&idx=2&sn=364d0c2862669459505599b2fa67b41f"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/cyber-security-news/lessons-from-oracle-e-business-suite-hack-that-allegedly-compromises-nearly-30-organizations-worldwide/"
},
{
"text": "",
"url": "https://www.freebuf.com/articles/es/458296.html"
},
{
"text": "",
"url": "https://teamwin.in/oracle-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://thedefendopsdiaries.com/how-zero-day-vulnerabilities-empower-modern-ransomware-lessons-from-the-dartmouth-college-breach/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-november-25-2025-405-pm/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/mazda-says-clop-cyberattack-had-no-impact-possible-oracle-ebs-vulnerability/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/19944/amp"
},
{
"text": "",
"url": "https://thedefendopsdiaries.com/how-a-single-oracle-zero-day-breach-rippled-across-industries-the-barts-health-nhs-incident/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/26799"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/34840"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/cl0p-exploits-oracle-e-business-suite-zero-day-in-data-theft-extortion-campaign-cve-2025-61882/"
},
{
"text": "",
"url": "https://cybermaterial.com/oracle-ebs-hack-hits-nearly-30-victims/"
},
{
"text": "",
"url": "https://ti.dbappsecurity.com.cn/info/13674"
},
{
"text": "",
"url": "https://www.cysecurity.news/2026/01/35-million-students-impacted-in-us.html"
},
{
"text": "",
"url": "https://blogs.oracle.com/security/post/apply-july-2025-cpu"
},
{
"text": "",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882"
},
{
"text": "",
"url": "https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/"
},
{
"text": "",
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html"
}
],
"timeline": [
{
"event_list": [
"Public Disclosure"
],
"event_time": "2025-10-04 16:00:00"
},
{
"event_list": [
"Vulnerability Recorded"
],
"event_time": "2025-10-05 03:30:07"
},
{
"event_list": [
"Exploitation Activity Observed"
],
"event_time": "2025-10-06 21:10:17"
},
{
"event_list": [
"PoC Recorded"
],
"event_time": "2025-10-06 22:28:32"
},
{
"event_list": [
"Remediation Available",
"Temporary Mitigation Available"
],
"event_time": "2025-10-09 03:02:05"
}
],
"xve_id": "XVE-2025-36247",
"cve_id": "CVE-2025-61882",
"cnnvd_id": [
"CNNVD-202510-745"
],
"vuln_name": "Oracle E-Business Suite Remote Code Execution Vulnerability",
"vuln_category": "Remote Code Execution",
"publish_time": 1759593600,
"update_time": 1768040795,
"threatbook_create_time": 1759635007
},
"temporary_mitigation": {
"public_temporary_mitigations": {
"source": "AI",
"text": "Interim mitigation measures for the CVE-2025-61882 vulnerability include: \n1. Investigate outbound connections from Oracle EBS instances to known malicious infrastructure [1] \n2. Search for malicious templates in `xdo_templates_vl` that match URL references in `TemplateCode` [1] \n3. Collaborate with relevant Oracle database administrators to review potentially affected systems [1] \n4. Examine suspicious sessions in `icx_sessions` involving `UserID 0` (sysadmin) and `UserID 6` (guest) [1] \n5. Consider temporarily disabling internet access for exposed Oracle EBS services [1] \n6. Protect EBS instances using a Web Application Firewall (WAF) [1]"
},
"configuration_level_mitigation": {
"source": "Threatbook Lab",
"text": "Implement protective measures by utilizing security equipment to restrict access to the following paths: /OA_HTML/configurator/UiServlet and /OA_HTML/help/../ieshostedsurvey.jsp."
},
"network_level_mitigation": {
"source": "Threatbook Lab",
"text": "Unless absolutely necessary, avoid exposing assets to the internet."
}
}
}
],
"total": 1
},
"response_code": 200,
"msg": "Success"
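}

This API supports integrating vulnerability information into automated operations workflows and provides access to public vulnerability details, risk assessments, PoCs, remediation recommendations, patches, and more. In the sample response, several mitigation, solution and patch texts are marked `"source": "AI"` and every PoC entry has `"x_verified": false`; check such content against the vendor advisory, and handle downloaded PoC archives as untrusted code, before it drives an automated workflow.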
curl --request POST \
--url https://api.threatbook.io/v2/vulnerability/query
{
"data": {
"items": [
{
"evaluation": {
"x_vpt": {
"vpr": 10,
"vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A",
"risk_level": "High"
},
"cvss_v4": {
"cvss_basic_score": 9.3,
"cvss_grade": "CRITICAL",
"cvss_vector_string": "AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_attack_complexity": "LOW",
"cvss_attack_vector": "NETWORK",
"cvss_ui": "NONE",
"cvss_attack_requirements": "NONE",
"cvss_vulnerable_system_confidentiality": "HIGH",
"cvss_vulnerable_system_integrity": "HIGH",
"cvss_vulnerable_system_availability": "HIGH",
"cvss_subsequent_system_confidentiality": "NONE",
"cvss_subsequent_system_integrity": "NONE",
"cvss_subsequent_system_availability": "NONE"
}
},
"cvss_v3": {
"cvss_basic_score": 9.8,
"cvss_grade": "CRITICAL",
"cvss_exploitability": 5.9,
"cvss_impact_subscore": 3.9,
"cvss_vector_string": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cvss_vector": {
"cvss_privileges_required": "NONE",
"cvss_confidentiality": "HIGH",
"cvss_attack_complexity": "LOW",
"cvss_integrity": "HIGH",
"cvss_availability": "HIGH",
"cvss_attack_vector": "NETWORK",
"cvss_scope": "UNCHANGED",
"cvss_ui": "NONE"
}
},
"cvss_v2": {}
},
"impact": {
"platform": [
"Applications"
],
"affected_vendors_products": [
{
"product": "Oracle E-Business Suite",
"vendor": "Oracle",
"version": [],
"version_comparison": {
"including": [],
"excluding": [],
"version_list": [
{
"range": "12.2.3<=version<=12.2.14"
}
]
},
"vendor_alias": [
"oracle",
"Weblogic-framework Project",
"Weblogic-framework",
"weblogic-framework_project",
"Weblogic-framework_",
"weblogicframework",
"Oracle Financial Services Applications",
"oraclefinancialservicesapplications",
"Oracle Financial Services",
"oraclefinancialservices",
"Oracle Corporation",
"oraclecorporation",
"Oracle Retail Applications",
"oracleretailapplications",
"Oracle Sun",
"oraclesun",
"Oracle AB",
"oracleab",
"Diagnostics Oracle",
"diagnosticsoracle",
"oracle8i",
"bea",
"bea_systems",
"Bea Systems",
"beasystems",
"jiaguwengufenyouxiangongsi",
"jiaguwen",
"mysql",
"Mysql Project",
"MySQL AB",
"mysqlab",
"weblogicframeworkproject",
"mysql_project",
"mysqlproject",
"E-Business Suite Oracle",
"ebusinesssuiteoracle",
"Oracle PeopleSoft",
"oraclepeoplesoft",
"Oracle Virtualization",
"oraclevirtualization",
"Oracle Hospitality",
"oraclehospitality",
"Oracle Communications Applications",
"oraclecommunicationsapplications"
],
"product_alias": [
"Oracle Concurrent Processing",
"oracleconcurrentprocessing",
"concurrent_processing",
"Concurrent Processing",
"concurrentprocessing",
"Oracle E-Business Suite",
"e-business_suite",
"oracleebusinesssuite",
"ebusinesssuite",
"E-business Suite"
]
}
],
"cpe": [
{
"cpe_match": [
{
"cpe_uri": "cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*",
"cpe_name": [
"cpe:2.3:a:oracle:concurrent_processing:12.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:concurrent_processing:12.2.14:*:*:*:*:*:*:*"
]
}
]
}
],
"affected_components": []
},
"intelligence": {
"tag": [
"RCE",
"PoC Disclosure",
"KEV"
],
"has_poc_public": true,
"has_poc_threatbook": false,
"has_kev": true,
"is_highrisk": true,
"has_solution": true
},
"pocs": [
{
"description": "A critical pre-authentication Remote Code Execution (RCE) flaw in Oracle E-Business Suite (versions 12.2.3 - 12.2.14) allows attackers to gain full control over vulnerable servers via malicious HTTP requests - now actively exploited in the wild.",
"title": "CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit",
"url": "https://github.com/AdityaBhatt3010/CVE-2025-61882-Oracle-E-Business-Suite-Pre-Auth-RCE-Exploit",
"file_url": "https://ati.threatbook.io/api/web/vul/download/59def82321bdbb8492b4adffe33cfc7f.zip?key=975c712850e38f76a2362f904afd1a278d37971afc0c190cdeda5c0aebecc72b81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075aff9f4abe74030bdf6df47ef3e0b9812",
"x_verified": false
},
{
"description": "Detection for CVE-2025-61882",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/rxerium/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/c519872ec494e7f0eb6c5056660860bd.zip?key=0416022e625679aa237e804942d7a95b497ffa1f0f8081a63567e7f68b94e57781dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075aff9f4abe74030bdf6df47ef3e0b9812",
"x_verified": false
},
{
"description": "🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/siddu7575/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/b21d5016a975fd7ae662a99676c3866c.zip?key=dc893a9181054078068fae5024a9ba02eb0edf5a6670eab484749382dce2d62281dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "CVE-2025-61882: Oracle E-Business Suite RCE Scanner and Exploit ",
"title": "CVE-2025-61882",
"url": "https://github.com/godnish/CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/87828f0d1c77dd5ea869350427dd6d0b.zip?key=da2322ac46e02031af07e96eea6cb6b270c61a3a74b247759a819b1ed3609b6181dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "CVE-2025-61882 — Critical Oracle EBS RCE: Analysis & Response",
"title": "CVE-2025-61882-Executive-Summary",
"url": "https://github.com/AshrafZaryouh/CVE-2025-61882-Executive-Summary",
"file_url": "https://ati.threatbook.io/api/web/vul/download/0ec8b93deb689a8742a058b037997af8.zip?key=62cbefd1a96655fd1c74996d266fb342c0135e4c5d6af615a5e378f4f33a2a0e81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "CVE-2025-61882-Oracle-EBS",
"url": "https://github.com/zerozenxlabs/CVE-2025-61882-Oracle-EBS",
"file_url": "https://ati.threatbook.io/api/web/vul/download/15f5430fa4a3d158136754b5e34056e4.zip?key=05b86aea1af570fafcf13564a8c12a6572dc4a93d8202cdca78b5f2beb8b762681dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyetlerden sorumlu olmayacağım.",
"title": "CVE-2025-61882-CVE-2025-61884",
"url": "https://github.com/Zhert-lab/CVE-2025-61882-CVE-2025-61884",
"file_url": "https://ati.threatbook.io/api/web/vul/download/ffab9970d7ad04a659a16d8ec5fe3e80.zip?key=af4b5059b8d220b57a69274b369cf86ab615e4d118ac965124562ee803d62f1f81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882",
"url": "https://github.com/watchtowrlabs/watchTowr-vs-Oracle-E-Business-Suite-CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/41bb534370877854cc581b8163959b8e.zip?key=89e0cf34fd3747bd49594f4e19885f611ca09c875dcdf9a88a7296b3f4be053a81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b264682075a5085159691d320ae6628d63106ebcef",
"x_verified": false
},
{
"description": "",
"title": "CVE-2025-61882",
"url": "https://github.com/RootAid/CVE-2025-61882",
"file_url": "https://ati.threatbook.io/api/web/vul/download/050f5f5ad420684eed576efc1a74e338.zip?key=42f73c1e2d4a8f179f6bad2e0cd37611f1fa98dbac36bb2c435bf25da37997c481dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "",
"title": "/http/cves/2025/CVE-2025-61882.yaml",
"url": "https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-61882.yaml",
"file_url": "https://ati.threatbook.io/api/web/vul/download/c0f578ccf57826481d529c7c34d21956.zip?key=6afb6d3eaa3e78c4258b9329b62f2e1b864937fa656593f39d6ed25984e74b4f81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "Detects Oracle E-Business Suite (CVE-2025-61882). Detection: multi-tier checks — fingerprinting, version checks, endpoint & SSRF tests, timing analysis & controlled exploitation 4 high-confidence results. Default = safe fingerprinting only. Set aggressive=true 2 enable active/probing checks use w/caution. Provided By BattalionX BattalionX@proton.me",
"title": "http-oracle-ebs-cve-2025-61882.nse",
"url": "https://github.com/BattalionX/http-oracle-ebs-cve-2025-61882.nse",
"file_url": "https://ati.threatbook.io/api/web/vul/download/f024d135178b17a5c455ac87bbfdbe30.zip?key=34373d1231c7b721cda7e1232df02152f33c6b29116973fafc99bda0e74dfcca81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
},
{
"description": "POC of CVE-2025-61882 ",
"title": "CVE-2025-61882-POC",
"url": "https://github.com/MindflareX/CVE-2025-61882-POC",
"file_url": "https://ati.threatbook.io/api/web/vul/download/42757c9c79fce46d53ab731d50540b69.zip?key=4419d14dbe29f9a161f66cc19bf53ad4c2473b04ac58141a2ea5328f5886694b81dafcc5c18d3684bcef92a1dc2d613eada4606df5204ef4e5a5bc18fbdf433859c13d8fafc65d16b4d504ae0c1ddfadf5ab1c3868d8b135678ab9dc242b93250f07febb6cb152468ad78f161acd84d9fd059b3e3e39b8a6f9bc85324b0aebb66bad115cc6594166fd1876b2646820756b36cd4a5b2940ae8411c1470a2a9ab9",
"x_verified": false
}
],
"solutions": [
{
"type": 0,
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"Threatbook Lab"
],
"text": "The official version has been updated to address security vulnerabilities. Please visit the following link to download the latest update."
},
{
"type": 1,
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"AI"
],
"text": "The official authorities have released a new version addressing this vulnerability, and it is highly recommended that affected users upgrade to the latest version promptly."
}
],
"patches": [
{
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html",
"source": [
"AI"
],
"version": [],
"text": "The official patch addressing this vulnerability has been released. Affected users are strongly advised to apply the Oracle Security Alert CVE-2025-61882 patch [1][3] to ensure system security."
}
],
"path": [
"/OA_HTML/configurator/UiServlet,/OA_HTML/help/../ieshostedsurvey.jsp",
"/OA_HTML/configurator/UiServlet",
"/OA_HTML/help/../ieshostedsurvey.jsp"
],
"link": "https://portal-test.threatbook-inc.cn/vulnerability/XVE-2025-36247",
"basic_info": {
"description": "Oracle E-Business Suite (Oracle EBS) is a comprehensive, integrated enterprise-level business application suite developed by Oracle Corporation, designed to help businesses of all sizes digitize, automate, and optimize critical business processes. Leveraging over 30 years of Oracle's technological expertise, it continues to expand its functionality and innovate, finding widespread application in core business areas such as finance, human resources, supply chain management, and customer relationship management. \n\nAttackers can exploit this module through unauthenticated HTTP requests by taking advantage of input validation flaws in XML parameter processing, leading to server-side request forgery (SSRF) attacks. Due to insufficient CRLF protection, CRLF injection can be used during SSRF to manipulate HTTP requests, while path traversal vulnerabilities may bypass authentication. These can subsequently be combined with XSLT injection to achieve remote code execution.",
"references": [
{
"text": "",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61882&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url="
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/the-hacker-news/oracle-0-day-bitlocker-bypass-vmscape-whatsapp-worm-more/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247494137&idx=1&sn=3dca11368ff3ac2ad1173747935ed03b"
},
{
"text": "",
"url": "https://sosransomware.com/ransomware/cl0p-oracle-ebs-une-centaine-entreprises-piratees-en-quelques-semaines/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/27517"
},
{
"text": "",
"url": "https://buaq.net/go-380014.html"
},
{
"text": "",
"url": "https://databreaches.net/category/hack/page/10/"
},
{
"text": "",
"url": "https://securitycurated.com/infrastructure-and-network-security/can-a-court-stop-clops-nhs-dark-web-leak/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/13546/amp"
},
{
"text": "",
"url": "https://firecompass.com/weekly-cybersecurity-intelligence-report-cyber-threats-breaches-2-dec-10-dec-2/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/google-and-mandiant-uncover-oracle-hack/"
},
{
"text": "",
"url": "https://cybermaterial.com/google-and-mandiant-uncover-oracle-hack/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/envoy-air-american-airlines-confirms-oracle-ebs-0-day-breach-linked-to-cl0p/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458605947&idx=3&sn=bb7036139789a7cff46a66928f33f0d3"
},
{
"text": "",
"url": "https://www.hipaajournal.com/nch-corporation-foundation-health-partners-one-community-health-breach/"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/best-of-2025-oracle-breach-the-impact-is-bigger-than-you-think-grip/"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/06/zero-day-in-zimbra-e-oracle-ebs-attacchi-con-file-icalendar-e-rce-estorsive-da-clop/"
},
{
"text": "",
"url": "https://databreaches.net/2025/10/06/update-on-the-emerging-cl0p-extortion-campaign-targeting-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8732"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8710"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/8712"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkyMjQ5ODk5OA==&mid=2247514291&idx=1&sn=fc37fdc44a6cd4021c8e788cbcc5ffb9"
},
{
"text": "",
"url": "https://securityaffairs.com/183049/security/u-s-cisa-adds-oracle-mozilla-microsoft-windows-linux-kernel-and-microsoft-ie-flaws-to-its-known-exploited-vulnerabilities-catalog.html"
},
{
"text": "",
"url": "https://blog.onsec.io/cyber-daily-10-7-oracle-e-business-suite-zero-day-exploited-fbi-uk-urge-patching-ais-role-in-cyber-defense-microsoft-warns-of-windows-10-vulnerability/"
},
{
"text": "",
"url": "https://thecyberwire.com/podcasts/daily-podcast/2407/transcript"
},
{
"text": "",
"url": "https://news.backbox.org/2025/10/07/skipping-the-airpods-pro-3-your-best-alternative-are-at-their-lowest-price-ever/"
},
{
"text": "",
"url": "https://news.backbox.org/2025/10/07/why-this-350-google-pixel-9a-deal-is-the-only-one-im-considering-for-prime-day/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-8-2025-405-pm/"
},
{
"text": "",
"url": "https://www.secrss.com/articles/83778"
},
{
"text": "",
"url": "https://www.technadu.com/over-100-organizations-affected-in-oracle-hacking-campaign-by-cl0p-ransomware/611187/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-10-2025-405-pm/"
},
{
"text": "",
"url": "https://www.purple-ops.io/resources-hottest-cves/velociraptor-cve-2025-6264-ransomware/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9781"
},
{
"text": "",
"url": "https://securityleaders.com.br/mais-de-100-empresas-sao-afetadas-por-ataque-hacker-a-oracle-aponta-google/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9752"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/9746"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-october-12-2025-1041-am/"
},
{
"text": "",
"url": "https://cybernoz.com/week-in-review-hackers-extorting-salesforce-centrestack-0-day-exploited/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzk1NzM4NzMyMw==&mid=2247485149&idx=1&sn=831df51dce1ae3d1fea6efa0bd4f1e77"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/daily-ransomware-report-1013-2025/"
},
{
"text": "",
"url": "https://cybernoz.com/security-affairs-newsletter-round-545-by-pierluigi-paganini-international-edition/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247495017&idx=5&sn=8537ea32aa2402e3f02aa08f1c0a3d37"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkzNDIzNDUxOQ==&mid=2247503335&idx=2&sn=49cec17929b4f7bab0e5e6cbc5450cdf"
},
{
"text": "",
"url": "https://resources.blackkite.com/blog/focus-friday-tprm-insights-on-oracle-ebs-jenkins-redis-draytek-vigor-zimbra-elastic-django-grafana-sillytavern-and-wp-yoast-seo/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651136513&idx=1&sn=d26ea5edaf6b96696f231aaa0f03d05b"
},
{
"text": "",
"url": "https://blog.rsisecurity.com/zero-day-vulnerabilities-2025-threats-and-mitigation/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/12652"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzkxMzAzMjU0OA==&mid=2247553396&idx=2&sn=5e2c0c0431b8ca71fe769d3c2a4194de"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/11839"
},
{
"text": "",
"url": "https://thecyberthrone.in/2025/10/20/unmasking-the-festival-of-ligths-hidden-cyber-threats/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAwODU5NzYxOA==&mid=2247506594&idx=1&sn=57039c1f6e303ebdf22fb0af656c06b4"
},
{
"text": "",
"url": "https://www.dailysecu.com/news/articleView.html?idxno=201262"
},
{
"text": "",
"url": "https://www.cysecurity.news/2025/10/clop-ransomware-exploits-oracle-zero.html"
},
{
"text": "",
"url": "https://cybernoz.com/clop-ransomware-group-exploits-new-0-day-vulnerabilities-in-active-attacks/"
},
{
"text": "",
"url": "https://blog.netmanageit.com/clop-ransomware-dissecting-network-the-raven-file/"
},
{
"text": "",
"url": "https://theravenfile.com/2025/11/04/clop-ransomware-dissecting-network/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/oracle-possible-unauthorized-access-by-clop-ransomware-group-exploiting-known-vulnerability/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/large-scale-cyberattack-campaign-targeting-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/oracle-e-business-suite-zero-day-attacks-google-and-mandiant-publish-attack-techniques-and-defenses/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/clop-zero-day-attacks/"
},
{
"text": "",
"url": "https://csirt.telconet.net/comunicacion/boletines-servicios/explotacion-critica-de-vulnerabilidad-en-oracle-e-business-suite-por-ransomware-cl0p/"
},
{
"text": "",
"url": "https://cybsec.world/nn/oracle-zero-day-ble-utnyttet-av-cl0p-flere-maneder-for-sikkerhetsoppdateringen/"
},
{
"text": "",
"url": "https://cybsec.world/oracle-zero-day-cl0p-exploited/"
},
{
"text": "",
"url": "https://cybsec.world/nn/oracle-ebs-zero-day-ble-utnyttet-i-clop-datatvitslopsangrep-og-er-na-fikset/"
},
{
"text": "",
"url": "https://cybsec.world/nn/hackere-utnytter-kritisk-oracle-ebs-sarbarhet-for-utpressing/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/sato-overseas-group-possible-data-leak-oracle-ebs-zero-day-cve-2025-61882/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTYxODQxNg==&mid=2247487178&idx=1&sn=ac72d5933bee184338a6a3e0af3ae72e"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/clop-ransomware-targets-oracle-ebs-cve-2025-61882-61884-lists-30-companies/"
},
{
"text": "",
"url": "https://teamwin.in/cl0p-ransomware-group-allegedly-claims-breach-of-entrust-in-oracle-0-day-ebs-hack/"
},
{
"text": "",
"url": "https://entryzero.ai/blog/allianz-breach/"
},
{
"text": "",
"url": "https://cyberinsider.com/logitech-customer-data-exposed-in-zero-day-flaw-cyberattack/"
},
{
"text": "",
"url": "https://dailysecurityreview.com/cyber-security/logitech-confirms-data-breach-after-clop-ransomware-attacks-oracle-systems/"
},
{
"text": "",
"url": "https://cybernoz.com/logitech-confirms-data-breach-help-net-security/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247501605&idx=2&sn=035e16bc79c227b11d7b230c59d6c787"
},
{
"text": "",
"url": "https://buaq.net/go-376966.html"
},
{
"text": "",
"url": "https://teamwin.in/lessons-from-oracle-e-business-suite-hack-that-allegedly-compromises-nearly-30-organizations-worldwide/"
},
{
"text": "",
"url": "https://buaq.net/jump-376966.htm"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/cyber-security-news/oracle-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://gbhackers.com/clop-ransomware-claims-oracle-breach-using-e-business-suite-0-day/"
},
{
"text": "",
"url": "https://cybersecuritynews.com/broadcom-allegedly-breached-by-clop-ransomware/"
},
{
"text": "",
"url": "https://cybernoz.com/broadcom-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://undercodenews.com/clops-zero-day-shockwave-oracle-listed-as-victim-in-a-high-stakes-ransomware-extortion-campaign/"
},
{
"text": "",
"url": "https://securebulletin.com/oracle-hit-clops-zero-day-exploit-leaves-tech-giant-exposed/"
},
{
"text": "",
"url": "https://meterpreter.org/cl0p-zero-day-hits-oracle-e-business-suite-cve-2025-61882-compromising-global-giants/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-november-24-2025-405-pm/"
},
{
"text": "",
"url": "https://thecybernews.com/oracle-hit-by-clop/"
},
{
"text": "",
"url": "https://healsecurity.com/canon-allegedly-breached-by-clop-ransomware-via-oracle-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://www.purple-ops.io/cybersecurity-threat-intelligence-blog/daily-ransomware-1-1-2026/"
},
{
"text": "",
"url": "https://cybersecuritynews.com/canon-breached-clop-ransomware-oracle-ebs-hack/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/oracle-releases-emergency-patch-for-e-business-suite-as-ransomware-gang-pushes-extortion-campaign-d-f-0-7-4"
},
{
"text": "",
"url": "https://www.resecurity.com/blog/article/cve-2025-61882-mass-exploitation-oracle-e-business-suite-ebs-under-attack-by-cl0p-ransomware"
},
{
"text": "",
"url": "https://securityonline.info/oracle-ebs-zero-day-cve-2025-61882-under-active-rce-exploitation-by-graceful-spider/"
},
{
"text": "",
"url": "https://www.theregister.com/2025/10/07/clop_oracle_ebs/"
},
{
"text": "",
"url": "https://securitycurated.com/malware-and-threats/how-does-sophisticated-malware-target-oracle-ebs-zero-days/"
},
{
"text": "",
"url": "https://buaq.net/go-367586.html"
},
{
"text": "",
"url": "https://undercodenews.com/cl0p-ransomware-group-exploits-oracle-e-business-suite-flaw-cve-2025-61882-a-new-cyberstorm-unfolds/"
},
{
"text": "",
"url": "https://cybersecuritycast.com/%d9%86%d8%b5%d9%88%d8%b5-%d8%a7%d8%b3%d8%aa%d8%ba%d9%84%d8%a7%d9%84-%d9%85%d8%b3%d8%b1%d8%a8%d8%a9-%d9%82%d8%af-%d8%aa%d8%b4%d8%b9%d9%84-%d9%85%d9%88%d8%ac%d8%a9-%d9%87%d8%ac%d9%85%d8%a7%d8%aa-%d8%ac/"
},
{
"text": "",
"url": "https://www.theregister.com/2025/10/09/miscreants_head_start_oracle_ebs_invasion/"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/10/cl0p-viola-oracle-ebs-mandiant-indaga-e-aws-corre-ai-ripari/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247533015&idx=1&sn=503b9d6a19714dc4da938c0db3732488"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/harvard-university-investigates-data-breach-linked-to-critical-oracle-zero-day-flaw-l-7-3-g-1"
},
{
"text": "",
"url": "https://www.matricedigitale.it/2025/10/13/harvard-indaga-su-zero-day-oracle-ed-europol-traccia-vittime-nellhackaton-empact-thb/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3ODY0NTczMA==&mid=2247493792&idx=1&sn=fe15e810c021cb77e9a99d8008238d14"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/harvard-university-investigates-possible-data-breach-from-oracle-e-business-suite-zero-day-attack-as-clop-threatens-leak/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=Mzg3OTc0NDcyNQ==&mid=2247495033&idx=3&sn=652161f36966bb3f6d9b010df6379a1b"
},
{
"text": "",
"url": "https://www.redhotcyber.com/post/universita-di-harvard-colpita-da-campagna-di-hacking-tramite-oracle-e-business-suite/"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/security-week-news/american-airlines-subsidiary-envoy-air-hit-by-oracle-hack/"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/security-week-news/cisa-confirms-exploitation-of-latest-oracle-ebs-vulnerability/"
},
{
"text": "",
"url": "https://www.seqrite.com/blog/anatomy-of-the-red-hat-intrusion-crimson-collective-and-slsh-extortions/"
},
{
"text": "",
"url": "https://www.darkreading.com/vulnerabilities-threats/oracle-ebs-attack-victims-more-numerous-expected"
},
{
"text": "",
"url": "https://undercodenews.com/washington-post-data-breach-nearly-10000-employees-and-contractors-affected-in-oracle-hack/"
},
{
"text": "",
"url": "https://gbhackers.com/clop-ransomware/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/allianz-uk-reports-breach-through-compromise-of-oracle-e-business-suite-w-o-n-k-y"
},
{
"text": "",
"url": "https://www.theregister.com/2025/11/11/hitachiowned_globallogic_admits_data_stolen/"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/globallogic-warns-10-000-employees-of-data-theft-after-oracle-breach/"
},
{
"text": "",
"url": "https://undercodenews.com/hitachi-subsidiary-globallogic-hit-by-clop-ransomware-attack-exploiting-oracle-zero-day/"
},
{
"text": "",
"url": "https://beyondmachines.net/event_details/nhs-investigating-potential-breach-after-ransomware-group-claims-breach-of-oracle-e-business-suite-q-e-4-y-n"
},
{
"text": "",
"url": "https://cybersecuritynews.com/entrust-oracle-0-day-ebs-hack/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/washington-post-oracle-ebs-attack-9720-data-leak/"
},
{
"text": "",
"url": "https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458604320&idx=2&sn=364d0c2862669459505599b2fa67b41f"
},
{
"text": "",
"url": "https://cyberwebspider.com/blog/cyber-security-news/lessons-from-oracle-e-business-suite-hack-that-allegedly-compromises-nearly-30-organizations-worldwide/"
},
{
"text": "",
"url": "https://www.freebuf.com/articles/es/458296.html"
},
{
"text": "",
"url": "https://teamwin.in/oracle-allegedly-breached-by-clop-ransomware-via-e-business-suite-0-day-hack/"
},
{
"text": "",
"url": "https://thedefendopsdiaries.com/how-zero-day-vulnerabilities-empower-modern-ransomware-lessons-from-the-dartmouth-college-breach/"
},
{
"text": "",
"url": "https://www.spartechsoftware.com/cybersecurity-news-bytes/spartech-software-cyberpulse-your-quick-strike-cyber-update-for-november-25-2025-405-pm/"
},
{
"text": "",
"url": "https://rocket-boys.co.jp/security-measures-lab/mazda-says-clop-cyberattack-had-no-impact-possible-oracle-ebs-vulnerability/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/19944/amp"
},
{
"text": "",
"url": "https://thedefendopsdiaries.com/how-a-single-oracle-zero-day-breach-rippled-across-industries-the-barts-health-nhs-incident/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/26799"
},
{
"text": "",
"url": "https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/"
},
{
"text": "",
"url": "https://blackhatnews.tokyo/archives/34840"
},
{
"text": "",
"url": "https://www.itsecuritynews.info/cl0p-exploits-oracle-e-business-suite-zero-day-in-data-theft-extortion-campaign-cve-2025-61882/"
},
{
"text": "",
"url": "https://cybermaterial.com/oracle-ebs-hack-hits-nearly-30-victims/"
},
{
"text": "",
"url": "https://ti.dbappsecurity.com.cn/info/13674"
},
{
"text": "",
"url": "https://www.cysecurity.news/2026/01/35-million-students-impacted-in-us.html"
},
{
"text": "",
"url": "https://blogs.oracle.com/security/post/apply-july-2025-cpu"
},
{
"text": "",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61882"
},
{
"text": "",
"url": "https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/"
},
{
"text": "",
"url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html"
}
],
"timeline": [
{
"event_list": [
"Public Disclosure"
],
"event_time": "2025-10-04 16:00:00"
},
{
"event_list": [
"Vulnerability Recorded"
],
"event_time": "2025-10-05 03:30:07"
},
{
"event_list": [
"Exploitation Activity Observed"
],
"event_time": "2025-10-06 21:10:17"
},
{
"event_list": [
"PoC Recorded"
],
"event_time": "2025-10-06 22:28:32"
},
{
"event_list": [
"Remediation Available",
"Temporary Mitigation Available"
],
"event_time": "2025-10-09 03:02:05"
}
],
"xve_id": "XVE-2025-36247",
"cve_id": "CVE-2025-61882",
"cnnvd_id": [
"CNNVD-202510-745"
],
"vuln_name": "Oracle E-Business Suite Remote Code Execution Vulnerability",
"vuln_category": "Remote Code Execution",
"publish_time": 1759593600,
"update_time": 1768040795,
"threatbook_create_time": 1759635007
},
"temporary_mitigation": {
"public_temporary_mitigations": {
"source": "AI",
"text": "Interim mitigation measures for the CVE-2025-61882 vulnerability include: \n1. Investigate outbound connections from Oracle EBS instances to known malicious infrastructure [1] \n2. Search for malicious templates in `xdo_templates_vl` that match URL references in `TemplateCode` [1] \n3. Collaborate with relevant Oracle database administrators to review potentially affected systems [1] \n4. Examine suspicious sessions in `icx_sessions` involving `UserID 0` (sysadmin) and `UserID 6` (guest) [1] \n5. Consider temporarily disabling internet access for exposed Oracle EBS services [1] \n6. Protect EBS instances using a Web Application Firewall (WAF) [1]"
},
"configuration_level_mitigation": {
"source": "Threatbook Lab",
"text": "Implement protective measures by utilizing security equipment to restrict access to the following paths: /OA_HTML/configurator/UiServlet and /OA_HTML/help/../ieshostedsurvey.jsp."
},
"network_level_mitigation": {
"source": "Threatbook Lab",
"text": "Unless absolutely necessary, avoid exposing assets to the internet."
}
}
}
],
"total": 1
},
"response_code": 200,
"msg": "Success"
}
Your API Key
You can obtain the key on the "My API" page of i.threatbook.io.
Note:
Before calling this API, confirm that your access IP address is bound to the key and that your account has the permission and quota required to access it.
Specifies the pagination cursor used to retrieve the next page of results.
If omitted, the first page of results will be returned.
Specifies the number of records to return per page. The default value is 10, and the maximum allowed value is 50.
Vulnerability IDs can be queried precisely using XVE, CVE, or CNNVD identifiers. The XVE ID serves as ThreatBook’s unique vulnerability identifier.
Batch queries are supported for up to 100 IDs, separated by commas. (Trial users: up to 10 per query.)
Vulnerability-affected vendors can be queried by exact match only; each query accepts a single vendor (batch queries are not supported).
Vulnerability-affected products can be queried with exact-match search.
Batch queries are supported for up to 100 items, separated by commas. (Trial users: up to 10 per query.)
Exploit paths can be queried with exact-match search.
Supports filtering vulnerabilities based on their update time.
Time options:
Supports filtering vulnerabilities based on ThreatBook’s ingestion time.
Time options:
Supports filtering high-risk vulnerabilities (those with high remediation priority).
This parameter is of boolean type. If not provided, all vulnerabilities are returned by default.