CVE-2025-61884
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability - [Actively Exploited]
Description
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
INFO
Published Date :
Oct. 12, 2025, 3:15 a.m.
Last Modified :
Oct. 27, 2025, 5:08 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | HIGH | [email protected] |
Solution
- Apply the appropriate patch for Oracle Configurator.
- Consult Oracle Security Alert for patch details.
Public PoC/Exploit Available at Github
CVE-2025-61884 has a 9 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-61884.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-61884 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-61884
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Sorumluluk Reddi Kendi sorumluluğunuzda kullanın, size ait olmayan veya tarama izninizin olmadığı altyapılarda gerçekleştireceğiniz yasa dışı faaliyetlerden sorumlu olmayacağım.
🚨 CVE-2025-61884 — High-Risk Oracle EBS Configurator Info Disclosure
None
A Comprehensive Case Study Analysis of Enterprise Vulnerabilities and Defensive Evolution
case-study cloud cve cybersecurity oracle reporting zero-trust cve-2025-61884
None
CVE-2025-61884
Python
Detection for CVE-2025-61882
detection nuclei oracle zero-day
🔍 Detect vulnerabilities CVE-2025-61882 and CVE-2025-61884 in Oracle E-Business Suite to help secure your systems from potential remote code execution threats.
detection nuclei zero-day
A list of all of my starred repos, automated using Github Actions 🌟
github-actions stars
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-61884 vulnerability anywhere in the article.
-
The Cyber Express
CERT-In Warns of Critical Asus Router Flaw Exposing Millions in India
According to the Indian Computer Emergency Response Team (CERT-In), thousands of households, small offices, and service providers across the country may already be at risk due to a newly uncovered aut ... Read more
-
The Cyber Express
Stolen VPN Credentials Most Common Ransomware Attack Vector
Compromised VPN credentials are the most common initial access vector for ransomware attacks, according to a new report. Nearly half of ransomware attacks in the third quarter abused compromised VPN c ... Read more
-
CybersecurityNews
Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations ... Read more
-
The Cyber Express
Critical 7-Zip Vulnerability CVE-2025-11001 Prompts NHS Cyber Alert
A newly discovered security flaw, identified as CVE-2025-11001, is targeting users across both public and private sectors. The vulnerability, affecting all versions of 7-Zip before 25.00, allows attac ... Read more
-
The Cyber Express
Europe Strengthens Cyber Defense as ENISA Becomes CVE Root
The European Union Agency for Cybersecurity (ENISA) has taken a major step forward in advancing vulnerability management across Europe by becoming a CVE Root within the global Common Vulnerabilities a ... Read more
-
The Cyber Express
50,000 CCTVs Hacked in India: Intimate Hospital Footage Sold Online
A disturbing case of hacking CCTV systems in India has exposed a widespread cybercrime racket through which intimate videos from a maternity ward were stolen and sold online. Police in Gujarat state s ... Read more
-
The Cyber Express
W3 Total Cache Vulnerability Puts Over One Million WordPress Sites at Risk
A severe security flaw has been discovered in the popular W3 Total Cache WordPress plugin, potentially exposing more than one million websites to remote code execution (RCE). The vulnerability, offici ... Read more
-
The Cyber Express
Fortinet Silent Patch Raises Concern Among Security Researchers
Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing the vulnerability. CVE-2025-64446 in Fortinet’s FortiWeb web application firewal ... Read more
-
The Cyber Express
IBM AIX Hit by Three Critical Vulnerabilities, One a Perfect 10. Patch Now!
Vulnerabilities in the IBM AIX operating system for Power servers could allow remote attackers to execute arbitrary commands, obtain Network Installation Manager (NIM) private keys, or traverse direct ... Read more
-
The Cyber Express
Logitech Confirms Data Breach Following CL0P Victim Claims
Logitech International S.A. has confirmed that it was hit by a data breach, the company said in an SEC filing late last week. Logitech’s 8-K filing released on Nov. 14 was short on details, but the co ... Read more
-
Help Net Security
Logitech confirms data breach
Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. “While the investigation is ongoing, at thi ... Read more
-
The Cyber Express
Washington Post Confirms Data Breach as CL0P Claims Over 40 Oracle Victims
The Washington Post has confirmed that it was breached by a threat campaign targeting Oracle E-Business Suite vulnerabilities. The Washington Post data breach is one of more than 40 victims claimed by ... Read more
-
BleepingComputer
Checkout.com snubs hackers after data breach, to donate ransom instead
UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. The company sa ... Read more
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 46
The Good | FBI and Europol Arrest Ransomware Broker and Dismantle Major Botnet Russian national, Aleksey Olegovich Volkov, is set to plead guilty for acting as an initial access broker (IAB) for Yanlu ... Read more
-
The Cyber Express
The Top 100 U.S. Cybersecurity Leaders Shaping a Safer Digital Future
To recognize the individuals driving the transformation of cybersecurity in the United States, The Cyber Express, in collaboration with Suraksha Catalyst, proudly presents the Top 100 Cybersecurity Le ... Read more
-
The Cyber Express
Android Reports Major Drop in Memory Bugs as Rust Adoption Accelerates
Android has shared new insights into how the platform’s long-term shift toward Rust is reshaping both security and software development. The new data reflects a decisive move toward memory safety, and ... Read more
-
The Cyber Express
Akira Ransomware Group Poses ‘Imminent Threat’ to Critical Infrastructure: CISA
The Akira ransomware group poses an “imminent threat to critical infrastructure,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today. CISA joined with the FBI, other U.S. ag ... Read more
-
The Cyber Express
Ransomware Attacks Soared 30% in October
Ransomware attacks soared 30% in October to the second-highest total on record, Cyble reported today. The 623 ransomware attacks recorded in October were second only to February 2025’s record attacks, ... Read more
-
BleepingComputer
Washington Post data breach impacts nearly 10K employees, contractors
The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. The news organization is one o ... Read more
-
The Cyber Express
Zero-Day Vulnerabilities in Cisco and Citrix Targeted by APT Group, Amazon Confirms
Amazon’s threat intelligence division has revealed a cyber-espionage campaign involving an advanced persistent threat (APT) group exploiting previously undisclosed zero-day vulnerabilities in systems ... Read more
The following table lists the changes that have been made to the
CVE-2025-61884 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Oct. 27, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 Types: US Government Resource -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Removed Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 -
Initial Analysis by [email protected]
Oct. 21, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* versions from (including) 12.2.3 up to (including) 12.2.14 Added Reference Type CISA-ADP: https://blogs.oracle.com/security/post/apply-july-2025-cpu Types: Vendor Advisory Added Reference Type CISA-ADP: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ Types: Exploit, Press/Media Coverage Added Reference Type Oracle: https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Types: Vendor Advisory -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Oct. 21, 2025
Action Type Old Value New Value Added Date Added 2025-10-20 Added Due Date 2025-11-10 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 16, 2025
Action Type Old Value New Value Added CWE CWE-287 Added CWE CWE-22 Added CWE CWE-93 Added CWE CWE-918 Added CWE CWE-444 Added CWE CWE-501 Added Reference https://blogs.oracle.com/security/post/apply-july-2025-cpu Added Reference https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ -
New CVE Received by [email protected]
Oct. 12, 2025
Action Type Old Value New Value Added Description Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Added Reference https://www.oracle.com/security-alerts/alert-cve-2025-61884.html