{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright © Oracle. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp" } }, "publisher": { "category": "vendor", "name": "Oracle", "namespace": "https://www.oracle.com" }, "references": [ { "summary": "URL to html version of Advisory", "url": "https://www.oracle.com/security-alerts/alert-cve-2025-61882.html" }, { "category": "self", "summary": "URL to CSAF version of Advisory", "url": "https://www.oracle.com/docs/tech/security-alerts/cve-2025-61882csaf.json" } ], "title": "Oracle Security Alert for CVE-2025-61882 - Oracle CSAF", "tracking": { "current_release_date": "2025-10-04T18:00:00-07:00", "id": "CVE-2025-61882csaf", "initial_release_date": "2025-10-04T18:00:00-07:00", "revision_history": [ { "date": "2025-10-04T18:00:00-07:00", "number": "1", "summary": "Initial Release." } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "Oracle Concurrent Processing Version 12.2.3-12.2.14", "product": { "name": "Oracle Concurrent Processing Version 12.2.3-12.2.14", "product_id": "P-9303V-12.2.3-12.2.14", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:concurrent_processing:12.2.3-12.2.14:*:*:*:*:*:*:*" } } } ], "category": "product_name", "name": "Oracle Concurrent Processing" } ], "category": "product_family", "name": "Oracle E-Business Suite" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-61882", "ids": [ { "system_name": "Oracle Bug ID of Oracle Concurrent Processing", "text": "38500628" } ], "notes": [ { "category": "description", "text": "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).", "title": "Vulnerability Description" } ], "product_status": { "known_affected": [ "P-9303V-12.2.3-12.2.14" ] }, "remediations": [ { "category": "vendor_fix", "details": "Oracle customers with valid support contracts", "product_ids": [ "P-9303V-12.2.3-12.2.14" ], "url": "https://support.oracle.com/rs?type=doc&id=3106344.1" } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "P-9303V-12.2.3-12.2.14" ] } ] } ] }