[Vulnerability Advisory] Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025-61882)

Published: 2025-10-09

1. Vulnerability Overview


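Vulnerability name: Oracle E-Business Suite Remote Code Execution Vulnerability
CVE ID: CVE-2025-61882
Vulnerability type: RCE
Discovery date: 2025-10-9
Vulnerability score: 9.8
Severity: Critical
Attack vector: Network
Privileges required: None
Exploitation difficulty: Low
User interaction: Not required
PoC/EXP: Public
Exploited in the wild: Observed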


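Oracle E-Business Suite (EBS) is a comprehensive enterprise resource planning (ERP) software suite designed to help enterprises manage key business processes such as finance, supply chain, human resources, and customer relationships. EBS provides a wide range of modular applications, including financial management, procurement, manufacturing, inventory, and project management, that can meet the needs of organizations of different sizes and industries. As Oracle's flagship product, EBS offers a high degree of customizability and integration capability, supports global operations, and, through seamless integration with the rest of the Oracle technology stack, helps enterprises improve efficiency, reduce costs, and optimize decision-making.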


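On October 9, 2025, OG东方厅集团 VSRC detected a critical security vulnerability in Oracle E-Business Suite, located in the BI Publisher Integration feature of its Oracle Concurrent Processing component. The vulnerability allows an unauthenticated attacker to execute code remotely over the network; that is, the attacker can launch an attack without a username or password. Successful exploitation may allow the attacker to execute arbitrary code on the target system and gain full control of it, seriously threatening system security. It has already been exploited by multiple attackers, including ransomware groups.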


2. Affected Scope


12.2.3 <= Oracle E-Business Suite <= 12.2.14
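
As an added example (not part of the original advisory and not Oracle tooling), the Python below triages an inventory of EBS instances against the affected range stated above. The host names and release strings are constructed sample data, and collecting the release strings is assumed to be done elsewhere.

```python
import re

# Affected range as stated in this advisory: 12.2.3 <= EBS <= 12.2.14
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)
_RELEASE_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")

def parse_release(release):
    """Return the release as a tuple of ints, or None if it is not N.N.N."""
    m = _RELEASE_RE.match(release or "")
    return tuple(int(p) for p in m.groups()) if m else None

def in_affected_range(release):
    """True/False for a parseable release, None when it cannot be parsed.

    Components are compared numerically: as plain strings "12.2.14" sorts
    before "12.2.3", which would wrongly clear 12.2.10 through 12.2.14.
    """
    parsed = parse_release(release)
    if parsed is None:
        return None
    return AFFECTED_MIN <= parsed <= AFFECTED_MAX

def triage(inventory):
    """Split {host: release} into in-range, out-of-range and unknown hosts."""
    result = {"check_patch": [], "out_of_range": [], "unknown": []}
    for host, release in sorted(inventory.items()):
        verdict = in_affected_range(release)
        key = "unknown" if verdict is None else (
            "check_patch" if verdict else "out_of_range")
        result[key].append(host)
    return result

# Constructed sample inventory (hypothetical host names and releases).
SAMPLE_INVENTORY = {
    "ebs-prod-01": "12.2.10",
    "ebs-prod-02": "12.2.14",
    "ebs-test-01": "12.2.2",
    "ebs-dev-01": "12.2.3",
    "ebs-legacy-01": "12.1.3",
    "ebs-lab-01": "R12 (unknown)",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in `check_patch` fall inside the advisory's range and should be checked against the Oracle security alert; hosts in `unknown` need their release confirmed manually before they are ruled out.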


3. Security Measures


3.1 Upgrade the Version


Oracle has released a security patch that fixes this vulnerability.


Download link: https://www.oracle.com/security-alerts/alert-cve-2025-61882.html/


3.2 Temporary Measures


None at this time.


3.3 General Recommendations


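• Regularly apply system patches to reduce system vulnerabilities and improve server security.
• Strengthen system and network access control, revise firewall policies, close unnecessary application ports or services, reduce the exposure of risky services (such as SSH and RDP) to the public internet, and reduce the attack surface.
• Use enterprise-grade security products to improve the enterprise's network security capability.
• Strengthen system user and permission management, enable multi-factor authentication and the principle of least privilege; user and software privileges should be kept to a minimum.
• Enable a strong password policy and require passwords to be changed periodically.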


3.4 References


https://www.oracle.com/security-alerts/alert-cve-2025-61882.html/
https://nvd.nist.gov/vuln/detail/CVE-2025-61882