1. Home
  2. Vulnerabilities
  3. CVE-2025-61884
Known Exploited Vulnerability
7.5
HIGH CVSS 3.1
CVE-2025-61884
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - [Actively Exploited]
Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

INFO

Published Date :

Oct. 12, 2025, 3:15 a.m.

Last Modified :

Oct. 27, 2025, 5:08 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Required Action :

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes :

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884

Affected Products

The following products are affected by CVE-2025-61884 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Oracle configurator
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
Patch Oracle Configurator to fix a vulnerability affecting E-Business Suite.
  • Apply the appropriate patch for Oracle Configurator.
  • Consult Oracle Security Alert for patch details.
Public PoC/Exploit Available at Github

CVE-2025-61884 has a 9 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-61884.

URL Resource
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Vendor Advisory
https://blogs.oracle.com/security/post/apply-july-2025-cpu Vendor Advisory
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Exploit Press/Media Coverage
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 US Government Resource
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-61884 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-61884 weaknesses.

CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-76: Manipulating Web Input to File System Calls Manipulating Web Input to File System Calls CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-126: Path Traversal Path Traversal CAPEC-15: Command Delimiters Command Delimiters CAPEC-81: Web Server Logs Tampering Web Server Logs Tampering CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data Utilizing REST's Trust in the System Resource to Obtain Sensitive Data CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-114: Authentication Abuse Authentication Abuse CAPEC-115: Authentication Bypass Authentication Bypass CAPEC-151: Identity Spoofing Identity Spoofing CAPEC-194: Fake the Source of Data Fake the Source of Data CAPEC-593: Session Hijacking Session Hijacking CAPEC-633: Token Impersonation Token Impersonation CAPEC-650: Upload a Web Shell to a Web Server Upload a Web Shell to a Web Server CAPEC-33: HTTP Request Smuggling HTTP Request Smuggling CAPEC-273: HTTP Response Smuggling HTTP Response Smuggling CAPEC-664: Server Side Request Forgery Server Side Request Forgery

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Zhert-lab/CVE-2025-61882-CVE-2025-61884

Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyetlerden sorumlu olmayacağım.

Updated: 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 21, 2025, 8:05 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
AshrafZaryouh/CVE-2025-61884-At-a-Glance

🚨 CVE-2025-61884 — High-Risk Oracle EBS Configurator Info Disclosure

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 27, 2025, 3:53 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
shinyhunt/CVE-2025-61884

None

Updated: 1 month, 2 weeks ago
2 stars 0 fork 0 watcher
Born at : Oct. 26, 2025, 12:19 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
pakagronglb/oracle-security-breaches-analysis-case-study

A Comprehensive Case Study Analysis of Enterprise Vulnerabilities and Defensive Evolution

case-study cloud cve cybersecurity oracle reporting zero-trust cve-2025-61884

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 23, 2025, noon This repo has been linked 2 different CVEs too.
Profile Photo
shinyhunterz/CVE-2025-61884-61882

None

Updated: 1 month, 3 weeks ago
4 stars 0 fork 0 watcher
Born at : Oct. 19, 2025, 3:23 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
B1ack4sh/Blackash-CVE-2025-61884

CVE-2025-61884

Python

Updated: 1 month, 1 week ago
20 stars 5 fork 5 watcher
Born at : Oct. 13, 2025, 10:04 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
rxerium/CVE-2025-61882-CVE-2025-61884

Detection for CVE-2025-61882

detection nuclei oracle zero-day

Updated: 1 month, 3 weeks ago
29 stars 8 fork 8 watcher
Born at : Oct. 5, 2025, 6:35 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
siddu7575/CVE-2025-61882-CVE-2025-61884

🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.

detection nuclei zero-day

Updated: 2 weeks, 3 days ago
1 stars 0 fork 0 watcher
Born at : March 4, 2025, 3:38 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
rxerium/stars

A list of all of my starred repos, automated using Github Actions 🌟

github-actions stars

Updated: 1 week, 4 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 4, 2023, 11:20 a.m. This repo has been linked 30 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-61884 vulnerability anywhere in the article.

  • The Cyber Express
City of Cambridge Advises Password Reset After Nationwide CodeRED Data Breach

The City of Cambridge has released an important update regarding the OnSolve CodeRED emergency notifications system, also known locally as Cambridge’s reverse 911 system. The platform, widely used by ... Read more

Published Date: Dec 12, 2025 (16 hours, 34 minutes ago)
  • The Cyber Express
Google Fixes GeminiJack Zero-Click Flaw in Gemini Enterprise

Google has addressed a Gemini zero-click security flaw that allows silent data extraction from corporate environments using the company’s AI assistant tools. The issue, identified as a vulnerability i ... Read more

Published Date: Dec 11, 2025 (1 day, 15 hours ago)
  • The Cyber Express
Cyble Global Cybersecurity Report 2025: 6,000 Ransomware Attacks Mark a 50% Surge

2025 will be remembered as the year cyber threats reached a breaking point. With nearly 6,000 ransomware incidents, more than 6,000 data breaches, and over 3,000 sales of compromised corporate access, ... Read more

Published Date: Dec 11, 2025 (1 day, 16 hours ago)
  • The Cyber Express
Microsoft Patch Tuesday December 2025: One Zero-Day, Six High-Risk Flaws Fixed

Microsoft patched 57 vulnerabilities in its Patch Tuesday December 2025 update, including one exploited zero-day and six high-risk vulnerabilities. The exploited zero-day is CVE-2025-62221, a 7.8-rate ... Read more

Published Date: Dec 10, 2025 (2 days, 4 hours ago)
  • The Cyber Express
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that ... Read more

Published Date: Dec 09, 2025 (3 days, 15 hours ago)
  • The Cyber Express
NCSC Warns Prompt Injection Could Become the Next Major AI Security Crisis

The UK’s National Cyber Security Centre (NCSC) has issued a fresh warning about the growing threat of prompt injection, a vulnerability that has quickly become one of the biggest security concerns in ... Read more

Published Date: Dec 09, 2025 (3 days, 16 hours ago)
  • The Cyber Express
Barts Health Confirms Cl0p Ransomware Behind Data Breach Linked to Oracle Vulnerability

Barts Health NHS Trust has confirmed that the data breach at Barts Health was carried out by the Russian-speaking Cl0p ransomware group, which exploited a vulnerability in Oracle E-Business Suite. The ... Read more

Published Date: Dec 08, 2025 (4 days, 11 hours ago)
  • The Cyber Express
Active Exploitation of Command Injection Flaw Confirmed in Array AG Gateways

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed that a command injection vulnerability affecting Array Networks AG Series secure access gateways has been activ ... Read more

Published Date: Dec 05, 2025 (1 week ago)
  • The Cyber Express
‘React2Shell’ Flaw Exploited by China-Nexus Groups Within Hours of Disclosure, AWS Warns

The cycle of vulnerability disclosure and weaponization has shattered records once again. According to a new threat intel from Amazon Web Services (AWS), state-sponsored hacking groups linked to China ... Read more

Published Date: Dec 05, 2025 (1 week ago)
  • The Cyber Express
Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets

Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ... Read more

Published Date: Dec 04, 2025 (1 week, 1 day ago)
  • The Cyber Express
Nationwide OnSolve CodeRED Breach Hits Monroe County, Exposing Resident Data

A nationwide cybersecurity incident involving the OnSolve CodeRED mass notification network has placed Monroe County residents at risk, prompting local officials to warn the public and begin transitio ... Read more

Published Date: Dec 03, 2025 (1 week, 2 days ago)
  • The Cyber Express
Critical SQL Injection Flaw Exposes Sensitive Data in Devolutions Server

A batch of new vulnerabilities in Devolutions Server targets organizations that depend on the platform to manage privileged accounts, passwords, and sensitive authentication data. Devolutions has rele ... Read more

Published Date: Dec 02, 2025 (1 week, 3 days ago)
  • The Cyber Express
Airbus Nears Completion of A320 Retrofit as Regulators Monitor Largest Emergency Recall in Company History

Airbus has entered the final phase of its unprecedented global retrofit effort, confirming that fewer than 100 A320s in service still require updates after the discovery of a software vulnerability th ... Read more

Published Date: Dec 01, 2025 (1 week, 4 days ago)
  • The Cyber Express
Linux Kernel 6.18 Launches With Big Architectural Upgrades and Bcachefs Removal

The Linux Kernel project reached another milestone with the official release of version 6.18, announced by Linus Torvalds. This update introduces a wide array of architectural changes, hardware enable ... Read more

Published Date: Dec 01, 2025 (1 week, 4 days ago)
  • The Cyber Express
Apache Syncope Passwords at Risk from Newly Disclosed CVE-2025-65998

A critical security flaw has been uncovered in Apache Syncope, the widely used open-source identity management system, potentially putting organizations at risk of exposing sensitive password informat ... Read more

Published Date: Nov 25, 2025 (2 weeks, 3 days ago)
  • The Cyber Express
CISA Adds Oracle Identity Manager Vulnerability to KEV Database

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities database after the SANS Internet Storm Center ... Read more

Published Date: Nov 24, 2025 (2 weeks, 4 days ago)
  • The Cyber Express
Grafana Flags Maximum-Severity SCIM Vulnerability Enabling Privilege Escalation

Grafana Labs has issued a warning regarding a maximum-severity security flaw, identified as CVE-2025-41115, affecting its Enterprise product. The vulnerability can allow attackers to impersonate admin ... Read more

Published Date: Nov 24, 2025 (2 weeks, 4 days ago)
  • The Cyber Express
CERT-In Warns of Critical Asus Router Flaw Exposing Millions in India

According to the Indian Computer Emergency Response Team (CERT-In), thousands of households, small offices, and service providers across the country may already be at risk due to a newly uncovered aut ... Read more

Published Date: Nov 21, 2025 (3 weeks ago)
  • The Cyber Express
Stolen VPN Credentials Most Common Ransomware Attack Vector

Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN c ... Read more

Published Date: Nov 20, 2025 (3 weeks, 1 day ago)
  • CybersecurityNews
Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide

A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations ... Read more

Published Date: Nov 20, 2025 (3 weeks, 1 day ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-61884 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Oct. 27, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 Types: US Government Resource
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884
  • Initial Analysis by [email protected]

    Oct. 21, 2025

    Action Type Old Value New Value
    Added CPE Configuration OR *cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* versions from (including) 12.2.3 up to (including) 12.2.14
    Added Reference Type CISA-ADP: https://blogs.oracle.com/security/post/apply-july-2025-cpu Types: Vendor Advisory
    Added Reference Type CISA-ADP: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Types: Exploit, Press/Media Coverage
    Added Reference Type Oracle: https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Types: Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Oct. 21, 2025

    Action Type Old Value New Value
    Added Date Added 2025-10-20
    Added Due Date 2025-11-10
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Oct. 16, 2025

    Action Type Old Value New Value
    Added CWE CWE-287
    Added CWE CWE-22
    Added CWE CWE-93
    Added CWE CWE-918
    Added CWE CWE-444
    Added CWE CWE-501
    Added Reference https://blogs.oracle.com/security/post/apply-july-2025-cpu
    Added Reference https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
  • New CVE Received by [email protected]

    Oct. 12, 2025

    Action Type Old Value New Value
    Added Description Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    Added Reference https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.5
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact