CVE-2025-61882-CVE-2025-61884/CVE-2025-61882.yaml at main · rxerium/CVE-2025-61882-CVE-2025-61884 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
id: CVE-2025-61882

info:
  name: Detection for CVE-2025-61882
  author: rxerium
  severity: critical
  description: |
    This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
  metadata:
    shodan-query: html:"OA_HTML"
  tags: detect,oracle,ebusiness-suite

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: dsl
        name: last_modified_date
        dsl:
          - last_modified

      - type: dsl
        name: date_unix
        internal: true
        dsl:
          - 'to_unix_time(last_modified, "Mon, 02 Jan 2006 15:04:05 MST")'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "E-Business Suite Home Page"
        part: body

      - type: dsl
        dsl:
          - compare_versions(date_unix, "< 1759602752")

      - type: status
        status:
          - 200