Share
## https://sploitus.com/exploit?id=81C587A7-D98E-5F71-856E-7074F803AA63
# CVE-2025-61882 & CVE-2025-61884

***EDIT: Oracle just disclosed a new vulnerability CVE-2025-61884, the detection script for that vuln can be found in this repo or originally here: https://gist.github.com/rxerium/6c70bc6b72fc0d1365c85937d35d9550.***

As quoted from [Oracle's security advisory](https://www.oracle.com/security-alerts/alert-cve-2025-61882.html):
> This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.

## How does this detection method work?

This vulnerability detection template detects Oracle E-Business Suite instances that are vulnerable to CVE-2025-61882 by checking if the page contains "E-Business Suite Home Page" text and comparing the Last-Modified header date against October 4, 2025. If the Last-Modified date is before October 4, 2025 (Unix timestamp 1759602752), it indicates the instance hasn't been patched and is potentially vulnerable to the vulnerability in question.

## How do I run this script?

1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com: -t template.yaml` 

***For enhanced detection please include ports in your input list.***

## References

- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
- https://www.shodan.io/search?query=html%3A%22OA_HTML%22&page=2


## Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

## Share This Project


  
    
  
  
    
  
  
    
  


---

## Contact

Feel free to reach out via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw) if you have any questions.