Oracle E-Business Suite Unauth RCE
This week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The exploit chains multiple flaws—including SSRF, path traversal, HTTP request smuggling, and XSLT injection—to coerce the target into fetching and executing a malicious XSL file hosted by the attacker. Successful exploitation results in arbitrary command execution and an interactive shell on both Linux/Unix and Windows targets. The module is reliable, repeatable, and we here at Metasploit hope you enjoy it, happy hacking!
New module content (3)
Authenticated RCE in Splunk (splunk_archiver app)
Authors: Alex Hordijk, Maksim Rogov, and psytester Type: Exploit Pull request: #20770 contributed by vognik Path: linux/http/splunk_auth_rce_cve_2024_36985 AttackerKB reference: CVE-2024-36985
Description: This adds two separate Metasploit exploit modules targeting Remote Code Execution (RCE) vulnerabilities in Splunk Enterprise. CVE-2024-36985 exploits unsafe use of the "copybuckets" lookup function within the splunk_archiver application, resulting in execution of the sudobash helper script with attacker-controlled arguments. Affected versions: All releases prior to 9.0.10, 9.1.2 through 9.1.5, 9.2.0 through 9.2.2 CVE-2022-43571, exploits a Python code injection vulnerability in Splunk SimpleXML dashboards by injecting malicious code into sparkline style parameters. Malicious code is executed when a user exports the dashboard to PDF. Affected versions: All releases prior to 8.1.12, 8.2.0 through 8.2.9, 9.0.0 through 9.0.2.
Oracle E-Business Suite CVE-2025-61882 RCE
Authors: Mathieu Dupas and watchTowr (Sonny, Sina Kheirkhah, Jake Knott) Type: Exploit Pull request: #20750 contributed by MatDupas Path: multi/http/oracle_ebs_cve_2025_61882_exploit_rce AttackerKB reference: CVE-2025-61882
Description: This adds an exploit for CVE-2025-61882, a critical Remote Code Execution (RCE) vulnerability in Oracle E-Business Suite (EBS). The flaw allows unauthenticated attackers to execute arbitrary code by leveraging a combination of SSRF, HTTP request smuggling and XSLT injection. Affected Versions: Oracle E-Business Suite, 12.2.3-12.2.14.