CVE-2025-61884
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - [Actively Exploited]
Description
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
INFO
Published Date :
Oct. 12, 2025, 3:15 a.m.
Last Modified :
Oct. 27, 2025, 5:08 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply the appropriate patch for Oracle Configurator.
- Consult Oracle Security Alert for patch details.
Public PoC/Exploit Available at Github
CVE-2025-61884 has a 8 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-61884.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-61884 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-61884
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
🚨 CVE-2025-61884 — High-Risk Oracle EBS Configurator Info Disclosure
None
A Comprehensive Case Study Analysis of Enterprise Vulnerabilities and Defensive Evolution
case-study cloud cve cybersecurity oracle reporting zero-trust cve-2025-61884
None
CVE-2025-61884
Python
Detection for CVE-2025-61882
detection nuclei oracle zero-day
🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.
detection nuclei zero-day
A list of all of my starred repos, automated using Github Actions 🌟
github-actions stars
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-61884 vulnerability anywhere in the article.
-
The Cyber Express
Washington Post Confirms Data Breach as CL0P Claims Over 40 Oracle Victims
The Washington Post has confirmed that it was breached by a threat campaign targeting Oracle E-Business Suite vulnerabilities. The Washington Post data breach is one of more than 40 victims claimed by ... Read more
-
BleepingComputer
Checkout.com snubs hackers after data breach, to donate ransom instead
UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. The company sa ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 46
The Good | FBI and Europol Arrest Ransomware Broker and Dismantle Major Botnet Russian national, Aleksey Olegovich Volkov, is set to plead guilty for acting as an initial access broker (IAB) for Yanlu ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 46
The Good | FBI and Europol Arrest Ransomware Broker and Dismantle Major Botnet Russian national, Aleksey Olegovich Volkov, is set to plead guilty for acting as an initial access broker (IAB) for Yanlu ... Read more
-
The Cyber Express
The Top 100 U.S. Cybersecurity Leaders Shaping a Safer Digital Future
To recognize the individuals driving the transformation of cybersecurity in the United States, The Cyber Express, in collaboration with Suraksha Catalyst, proudly presents the Top 100 Cybersecurity Le ... Read more
-
The Cyber Express
Android Reports Major Drop in Memory Bugs as Rust Adoption Accelerates
Android has shared new insights into how the platform’s long-term shift toward Rust is reshaping both security and software development. The new data reflects a decisive move toward memory safety, and ... Read more
-
The Cyber Express
Akira Ransomware Group Poses ‘Imminent Threat’ to Critical Infrastructure: CISA
The Akira ransomware group poses an “imminent threat to critical infrastructure,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today. CISA joined with the FBI, other U.S. ag ... Read more
-
The Cyber Express
Ransomware Attacks Soared 30% in October
Ransomware attacks soared 30% in October to the second-highest total on record, Cyble reported today. The 623 ransomware attacks recorded in October were second only to February 2025’s record attacks, ... Read more
-
BleepingComputer
Washington Post data breach impacts nearly 10K employees, contractors
The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. The news organization is one o ... Read more
-
The Cyber Express
Zero-Day Vulnerabilities in Cisco and Citrix Targeted by APT Group, Amazon Confirms
Amazon’s threat intelligence division has revealed a cyber-espionage campaign involving an advanced persistent threat (APT) group exploiting previously undisclosed zero-day vulnerabilities in systems ... Read more
-
The Cyber Express
China Cyberattack Accusation Alleges U.S. Role in $13B Bitcoin Theft
China has leveled a cyberattack accusation against the United States, claiming Washington orchestrated the 2020 hack of the LuBian mining pool and later seized 127,000 Bitcoin—worth about $13 billion— ... Read more
-
The Cyber Express
Microsoft Patch Tuesday November 2025: Fixes 63 Security Flaws and One Zero-Day Exploit
Microsoft’s November Patch Tuesday release for 2025 has delivered fixes for 63 security flaws across its software portfolio, including one zero-day vulnerability already being exploited in the wild. T ... Read more
-
The Cyber Express
Global GRC Platform Market Set to Reach USD 127.7 Billion by 2033
The GRC platform market is witnessing strong growth as organizations across the globe focus on strengthening governance, mitigating risks, and meeting evolving compliance demands. According to recent ... Read more
-
The Register
Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff
Digital engineering outfit GlobalLogic says personal data from more than 10,000 current and former employees was exposed in the wave of Oracle E-Business Suite (EBS) attacks attributed to the Clop ran ... Read more
-
The Cyber Express
Researchers Uncover Critical runC Bugs Allowing Full Container Escape
Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow a ... Read more
-
The Cyber Express
Cisco Issues Critical Warning Over New Unified Contact Center Express Vulnerabilities
Cisco has issued an urgent security advisory detailing two critical vulnerabilities affecting its Unified Contact Center Express (Unified CCX) platform. The flaws, identified as CVE-2025-20354 and CVE ... Read more
-
The Cyber Express
Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft
A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified ... Read more
-
The Cyber Express
Balancer Hack Exposes $116 Million Smart Contract Vulnerability
Balancer V2, one of the most prominent automated market makers (AMMs), has suffered a large-scale security incident. The Balancer data breach exposed a critical Balancer vulnerability within its smart ... Read more
-
The Cyber Express
Apple Rolls Out iOS 26.1 and iPadOS 26.1 With Critical Security Fixes
Apple has released a new round of security updates for its mobile platforms, introducing iOS 26.1 and iPadOS 26.1. The latest Apple security updates are available for a wide range of devices. iPhone m ... Read more
-
The Cyber Express
Ongoing Ransomware Attacks Exploit Critical Linux Kernel Vulnerability (CVE-2024-1086)
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a serious warning after confirming that a critical flaw in the Linux Kernel, tracked as CVE-2024-1086, is being actively exploite ... Read more
The following table lists the changes that have been made to the
CVE-2025-61884 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Oct. 27, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
Initial Analysis by [email protected]
Oct. 21, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* versions from (including) 12.2.3 up to (including) 12.2.14 Added Reference Type CISA-ADP: https://blogs.oracle.com/security/post/apply-july-2025-cpu Types: Vendor Advisory Added Reference Type CISA-ADP: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Types: Exploit, Press/Media Coverage Added Reference Type Oracle: https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Types: Vendor Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Oct. 21, 2025
Action Type Old Value New Value Added Date Added 2025-10-20 Added Due Date 2025-11-10 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 16, 2025
Action Type Old Value New Value Added CWE CWE-287 Added CWE CWE-22 Added CWE CWE-93 Added CWE CWE-918 Added CWE CWE-444 Added CWE CWE-501 Added Reference https://blogs.oracle.com/security/post/apply-july-2025-cpu Added Reference https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ -
New CVE Received by [email protected]
Oct. 12, 2025
Action Type Old Value New Value Added Description Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Added Reference https://www.oracle.com/security-alerts/alert-cve-2025-61884.html