CVE-2025-53072 PoC — Oracle E-Business Suite 安全漏洞

Source

Associated Vulnerability

Description

Detection for CVE-2025-53072 + CVE-2025-62481

Readme

# <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Locked.png" alt="Locked" width="25" height="25" /> CVE-2025-53072 & CVE-2025-62481

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). 

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Magnifying%20Glass%20Tilted%20Left.png" alt="Search" width="25" height="25" /> How does this detection method work?

This Nuclei template detects Oracle E-Business Suite instances vulnerable to CVE-2025-53072 and CVE-2025-62481 by checking if the server's Last-Modified header indicates a build date before October 21, 2025 (the patch date), combined with identifying the E-Business Suite home page content and a 200 status response. Do note this is a script to fingerprint devices that are "likely" vulnerable to said CVE, not confirmed vulnerable. 

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Travel%20and%20places/Rocket.png" alt="Rocket" width="25" height="25" /> How do I run this script?

1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repostory to your local system.
3. Run the following command: 
```sh
nuclei -u <ip|fqdn> -t template.yaml
```

Or if you would like to scan a list of hosts, execute:
```sh
nuclei -l <list.txt> -t template.yaml
```

### Example Output

<img width="902" height="149" alt="Screenshot 2025-10-22 at 10 27 59" src="https://github.com/user-attachments/assets/5769d3cf-e932-4cc9-a902-72685c9ed6c2" />


## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Books.png" alt="Books" width="25" height="25" /> References

- https://www.oracle.com/security-alerts/cpuoct2025.html
- https://github.com/projectdiscovery/nuclei


## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Symbols/Warning.png" alt="Warning" width="25" height="25" /> Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

---

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Objects/Page%20with%20Curl.png" alt="License" width="25" height="25" /> License

This project is licensed under the MIT License.

## <img src="https://raw.githubusercontent.com/Tarikul-Islam-Anik/Animated-Fluent-Emojis/master/Emojis/Smilies/Speech%20Balloon.png" alt="Contact" width="25" height="25" /> Contact

If you have any questions about this vulnerability detection script please reach out to me via [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).

If you would like to connect, I am mostly active on [Twitter/X](https://x.com/rxerium) and [LinkedIn](https://www.linkedin.com/in/rxerium/).

File Snapshot

 [4.0K]  /data/pocs/a8bf6721e1ff87da8615e587336854740a2f5bb8
├── [1.0K]  LICENSE
├── [2.9K]  README.md
└── [1.2K]  template.yaml

1 directory, 3 files

Remarks