
Urgent Oracle EBS Vulnerability Alert (CVE-2025-61884)

Summary

– Oracle has disclosed a new remotely exploitable vulnerability (CVE-2025-61884) in the Runtime UI of its Configurator product within Oracle E-Business Suite.
– This easily exploitable flaw allows unauthenticated attackers with network access via HTTP to compromise Oracle Configurator and gain unauthorized access to critical data.
– Oracle's advisory lists EBS versions 12.2.3 through 12.2.14 as affected, but user reports indicate that the earlier 12.1.3 release is vulnerable as well.
– Oracle strongly recommends applying the provided updates or mitigations; it has not said whether the vulnerability is being actively exploited or was used as a zero-day.
– Security researchers anticipate further attacks following the leak of exploit scripts for a related vulnerability (CVE-2025-61882).

A newly identified security flaw within Oracle’s E-Business Suite has been disclosed, presenting a significant risk to organizations using the platform. CVE-2025-61884 is a remotely exploitable vulnerability found in the Runtime user interface of the Oracle Configurator component. This weakness impacts EBS versions 12.2.3 through 12.2.14, mirroring the scope of a previously identified issue, CVE-2025-61882.

According to the official entry in the National Vulnerability Database, the flaw is easily exploitable: an unauthenticated attacker with network access via HTTP can compromise Oracle Configurator. Successful exploitation can result in unauthorized access to critical data, or complete access to all data reachable through Oracle Configurator.

Oracle Security executive Rob Duhart has confirmed that the vulnerability may permit access to sensitive resources and affects certain deployments of Oracle E-Business Suite. The company is strongly urging all customers to implement the provided updates or mitigation measures without delay.

However, reports from the user community indicate that at least one earlier release, 12.1.3, is also vulnerable. Further revisions to Oracle's patch documentation are expected in the near future.

Oracle has not stated whether CVE-2025-61884 is currently under active exploitation as a zero-day vulnerability. There is speculation that the same threat actors who previously stole Oracle EBS customer data using CVE-2025-61882, and are now engaging in extortion, could be involved. With exploit scripts for the related CVE-2025-61882 having been leaked publicly, security experts are bracing for a potential surge in attack attempts.

Efforts to obtain additional details from Oracle are ongoing, and this report will be updated should new information become available.

(Source: HelpNet Security)
