Oracle Releases Security Advisory to Address Two Critical Severity Vulnerabilities in E-Business Suite

Summary

Oracle has released a quarterly rollup security advisory addressing CVE-2025-53072 and CVE-2025-62481, which, if successfully exploited, could lead to unauthenticated takeover of Oracle Marketing.


Affected platforms

The following platforms are known to be affected:

Threat details

Additional components and end-of-life software affected

  • Note: Since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the October 2025 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Oracle E-Business Suite.
  • Organisations running "sustaining support" or end-of-life releases of Oracle E-Business Suite must upgrade to a supported version. Oracle E-Business Suite releases r11, r12.0, and r12.1 are in Oracle's "sustaining support" lifecycle stage and do not receive security patches.

Introduction

Oracle has released a security advisory to address two critical severity vulnerabilities in the Marketing Administration component of the Oracle Marketing product within E-Business Suite.


Vulnerability Details

  • CVE-2025-53072 has a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to compromise and take over Oracle Marketing.
  • CVE-2025-62481 has a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to compromise and take over Oracle Marketing.

Remediation advice

Affected organisations must review Oracle's Quarterly Rollup Security Advisory (AV25-688) and apply the relevant updates as soon as practicable.

Note: Organisations running "sustaining support" or end-of-life releases of Oracle E-Business Suite must upgrade to a supported version. Oracle E-Business Suite releases r11, r12.0, and r12.1 are in Oracle's "sustaining support" lifecycle stage and do not receive security patches.



Last edited: 23 October 2025 11:34 am