Analytics Story: Oracle E-Business Suite Exploitation
Description
Leverage searches that allow you to detect and investigate unusual activities that might relate to the exploitation of Oracle E-Business Suite vulnerabilities (CVE-2025-61882 and CVE-2025-61884).
Why it matters
This story focuses on detecting exploitation attempts against Oracle E-Business Suite, specifically CVE-2025-61882 and CVE-2025-61884. These vulnerabilities have been actively exploited in the wild, allowing attackers to execute arbitrary code on vulnerable systems. The story provides analytics to help security operations centers (SOCs) and security researchers monitor and respond to potential exploitation attempts.
Detections
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Cisco Secure Firewall Threat Defense Intrusion Event | N/A | cisco:sfw:estreamer | not_applicable |
References
- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
- https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
- https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
- https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation
Source: GitHub | Version: 1