EDIT: Oracle just disclosed a new vulnerability CVE-2025-61884, the detection script for that vuln can be found in this repo or originally here: https://gist.github.com/rxerium/6c70bc6b72fc0d1365c85937d35d9550.
As quoted from Oracle's security advisory:
This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
This vulnerability detection template detects Oracle E-Business Suite instances that are vulnerable to CVE-2025-61882 by checking if the page contains "E-Business Suite Home Page" text and comparing the Last-Modified header date against October 4, 2025. If the Last-Modified date is before October 4, 2025 (Unix timestamp 1759602752), it indicates the instance hasn't been patched and is potentially vulnerable to the vulnerability in question.
- Download Nuclei from here
- Copy the template to your local system
- Run the following command:
nuclei -u https://yourHost.com:<port> -t template.yaml
For enhanced detection please include ports in your input list.
- https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
- https://www.shodan.io/search?query=html%3A%22OA_HTML%22&page=2
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
Feel free to reach out via Signal if you have any questions.
