VDB
NCSC-2025-303
NCSC-2025-303
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Critical vulnerabilities in Oracle E-Business Suite (versions 12.2.3-12.2.14) allow unauthenticated attackers to compromise the system, with a CVSS score of 9.8, and enable network access attacks on BI Publisher Integration.
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | vers:unknown/* |
Timeline
- Oct 5, 2025 CVE Published
- Oct 8, 2025 CVE Updated
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
References
- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61882.json advisory
- https://advisories.ncsc.nl/csaf/v2/2025/ncsc-2025-0303.json advisory
- https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/ advisory