CVE-2025-61884
Published Oct 12, 2025
Last updated a day ago
AI description
CVE-2025-61884 is a vulnerability affecting the Oracle Configurator component's Runtime UI within the Oracle E-Business Suite (EBS). The vulnerability impacts versions 12.2.3 through 12.2.14. It can be exploited by an unauthenticated attacker with network access via HTTP. Successful exploitation of CVE-2025-61884 can lead to unauthorized access to critical data or complete access to all Oracle Configurator accessible data. Oracle has released a security patch to address this vulnerability and strongly recommends that customers apply the provided updates promptly.
- Description: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Source: secalert_us@oracle.com
- NVD status: Modified
- Products: configurator
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
- Exploit added on: Oct 20, 2025
- Exploit action due: Nov 10, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 21
Cyber Threat Intelligence 22/10/2568 backward 24 hr: Level 1 (Emergency): Oracle E-Business Suite (CVE-2025-61882, CVE-2025-61884), because of widespread exploitation of a zero-day
@PSirimajun
22 Oct 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
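The Known Exploited Vulnerabilities catalog of the US Cybersecurity and Infrastructure Security Agency (CISA) has been silently updated. Exploitation of CVE-2025-61884 by ransomware is now marked "yes". https://t.co/8RFRzkYcq5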
@__kokumoto
21 Oct 2025
6549 Impressions
18 Retweets
63 Likes
19 Bookmarks
1 Reply
1 Quote
🚨 CISA confirms active exploitation of Oracle E-Business Suite SSRF vulnerability CVE-2025-61884. Patch ASAP! #security #vulnerability #oracle #cisa #ebusinesssuite https://t.co/YhnjqKMsjs https://t.co/YhnjqKMsjs
@fishpassenger
21 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV ALERT: How to Patch Oracle E-Business Suite SSRF Flaw (CVE-2025-61884) & Block RCE (CVE-2025-61882) Now Read the full report on - https://t.co/B2AKJJZrJm https://t.co/I9CmtuWshU
@Iambivash007
21 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CISA confirms vulnerabilities in Oracle and Windows CISA (the US cybersecurity agency) added five flaws to the catalog of exploited vulnerabilities (KEV). Including a new one in Oracle E-Business Suite (CVE-2025-61884) that allows unauthenticated access
@CycuraMX
21 Oct 2025
4346 Impressions
18 Retweets
69 Likes
15 Bookmarks
0 Replies
0 Quotes
🛡️ CISA confirms vulnerabilities in Oracle and Windows CISA (the US cybersecurity agency) added five flaws to the catalog of exploited vulnerabilities (KEV). Including a new one in Oracle E-Business Suite (CVE-2025-61884) that allows unauthenticated access
@CycuraMX
21 Oct 2025
149 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-61884: New in Oracle E-Business Suite (EBS), it can let hackers access data without logging in. Supported versions that are affected
@freedomhack101
21 Oct 2025
95 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🇺🇸 🚨 BREAKING: CISA alerts active exploitation of CVE-2025-61884 (SSRF) in Oracle E-Business Suite Runtime/Configurator — risk of data exfiltration in US and worldwide. https://t.co/f68SJhxwMw #CISA #Cybersecurity
@STRATINT_AI
21 Oct 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Cl0p Weaponizes Oracle EBS Zero-Days: Extortion Active ⚠️ Cl0p ransomware actively exploiting two Oracle E-Business Suite RCE flaws (CVE-2025-61882, CVE-2025-61884). Exploit code's public. EBS 12.2.3–12.2.14 vulnerable to unauthenticated RCE via License Servlet and R
@the_c_protocol
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-61884: The #Oracle EBS Backdoor That Lets Hackers Steal Data Without a Password https://t.co/SvemtcBazo Educational Purposes!
@UndercodeUpdate
21 Oct 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle E-Business Suite CVE-2025-61884 Zero-Day Exploitation & Extortion: Comprehensive Breach Advisory [Critical] Oct 21, 2025 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #LLM https://t.co/Lp6Invv9dJ
@transilienceai
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds 5 critical flaws to its KEV catalog. CVE-2025-61884 affects Oracle EBS, with a CVSS score of 7.5, already exploited in real attacks. Pay attention to the security of your systems! ⚠️🔓 #CiberSeguridad #Hacking https://t.co/UY5rRWQbXn
@kalirsec
21 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA doesn’t provide details on how vulnerabilities are being exploited, but the October 11 Oracle E-Business Suite CVE-2025-61884 vulnerability announcement followed an ongoing campaign by the CL0P ransomware group to exploit CVE-2025-61882, a 9.8-severity remote code executio
@Kent236896
21 Oct 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Beware of the new critical vulnerabilities in Oracle E-Business Suite and Microsoft. CVE-2025-61884 is already being actively exploited. 🛡️ Update and protect your systems immediately. ⚠️ #CiberSeguridad #Hacking https://t.co/zibsEeQy9h
@kalirsec
21 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New critical vulnerabilities added to the CISA catalog. Among them, CVE-2025-61884 in Oracle EBS, with a CVSS of 7.5, is already being exploited. Attention, Microsoft is also in the crosshairs! 🔓⚠️ #CiberSeguridad #Hacking https://t.co/eS8Nm1piUr
@kalirsec
20 Oct 2025
4 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added 5 new bugs to its KEV Catalog! The Oracle EBS bug CVE-2025-61884 is confirmed to have been exploited. Microsoft, Kentico and Apple are not left out either. Government agencies must finish patching all of these before 10 Nov 2025! Hurry up, guys! https://t.co/SmSJyl0rOn
@u_know_tekno
20 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just added 5 active CVEs to the KEV list. The big one? Oracle EBS — under live attack from a new SSRF flaw (CVE-2025-61884). Remote access, no auth. Real-world hits confirmed. Deadline to patch: Nov 10. Details → https://t.co/v0dZLwD0Sf
@TheHackersNews
20 Oct 2025
13937 Impressions
25 Retweets
63 Likes
5 Bookmarks
0 Replies
1 Quote
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-61884 #Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability https://t.co/pu9WEcSxCL
@ScyScan
20 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📊 Oracle E-Business Suite (EBS) zero-day CVE-2025-61884 now under active exploitation in the wild. Remotely exploitable RCE affecting EBS 12.2.3–12.2.14. No authentication required. Cl0p ransomware gang already targeting victims + sending extortion emails. Public exploit cod
@the_c_protocol
20 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 ORACLE EBS (CVE-2025-61884) Flaw in Oracle Configurator (Runtime UI) allows unauthenticated access via HTTP to sensitive resources. Affects 12.2.3–12.2.14 (CVSS 7.5). 👉 Apply the Security Advisory now, avoid exposure to the Internet and monitor access. 🌐 More informat
@rootedcon
20 Oct 2025
1435 Impressions
7 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw (CVE-2025-61884) in Oracle Configurator could be exploited remotely with no authentication needed. Learn how to protect your systems in this #CybersecurityThreatAdvisory: https://t.co/ymMPNNoZIc
@SmarterMSP
18 Oct 2025
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🥳Oracle just disclosed a new vulnerability tagged CVE-2025-61884 - remotely exploitable vuln without requiring authentication 👉Nuclei detection for CVE-2025-61884 -https://t.co/1qBLA3vxmO https://t.co/94cmP8hB9A
@HackingTeam777
16 Oct 2025
1194 Impressions
3 Retweets
29 Likes
13 Bookmarks
0 Replies
0 Quotes
🥳Oracle just disclosed a new vulnerability tagged CVE-2025-61884 - remotely exploitable vuln without requiring authentication 👉Nuclei detection for CVE-2025-61884 -https://t.co/m7Nwv3KrVm https://t.co/hyMqJNhpnK
@Anastasis_King
16 Oct 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber threats surge: ransomware, vulnerabilities, espionage & fraud schemes escalate in past hour. Key takeaways👇 🛡️ Oracle E-Business Suite hit by critical unauthenticated info disclosure vulnerability (CVE-2025-61884) risking exposure of sensitive business data. Pa
@np_cyber_news
16 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Oracle quietly fixed a 0-day flaw... used to steal your data If your company uses Oracle E-Business Suite, you have a new emergency. Oracle released an update this weekend for a new critical flaw (CVE-2025-61884). But it did not say publicly
@CycuraMX
15 Oct 2025
2356 Impressions
21 Retweets
40 Likes
11 Bookmarks
1 Reply
1 Quote
Oracle E-Business Suite hit by a critical vulnerability CVE-2025-61884 https://t.co/n9QSptBdnE #PreventionInternet #Cybersécurité
@Prevention_web
15 Oct 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unencrypted Satellites and Global Cyber Threats Expose Communications Unencrypted satellites risk global comms; Flax Typhoon APT exploited ArcGIS server for over a year. Widespread RDP attacks via 100K-node botnet, Oracle EBS flaw CVE-2025-61884 fixed after breaches. UK NCSC htt
@Secwiserapp
15 Oct 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle Configurator [—] Oct 15, 2025 Product Security Advisory Report on Oracle Configurator Vulnerability CVE-2025-61884 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #ThreatIntelligence #Innovation https://t.co/wDtD4lh0NM
@transilienceai
15 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle Configurator [—] Oct 15, 2025 Product Security Advisory Report on Oracle Configurator Vulnerability CVE-2025-61884 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #ThreatIntelligence #Innovation https://t.co/Y0uXti6Tdu
@transilienceai
15 Oct 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Oracle has reportedly fixed a critical vulnerability (CVE-2025-61884) in its E-Business Suite that was exploited by the ShinyHunters group, who leaked a proof-of-concept exploit. #CyberSecurity #Oracle https://t.co/xnwf00anmb
@Cyber_O51NT
15 Oct 2025
107 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
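CVE-2025-61884 in Oracle E-Business Suite (EBS), which Oracle fixed, was one that the ShinyHunters group had exploited and for which it had published a PoC (proof-of-concept attack code). Oracle did not disclose that it was a zero-day when it issued the fix. h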
@__kokumoto
14 Oct 2025
1997 Impressions
4 Retweets
7 Likes
3 Bookmarks
1 Reply
1 Quote
Oracle has silently fixed CVE-2025-61884, a critical E-Business Suite SSRF vulnerability exploited by Clop and ShinyHunters for remote, unauthenticated access to sensitive data. #OracleEBS #ZeroDay #SSRF https://t.co/s7CzSnP94V
@TweetThreatNews
14 Oct 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
oh whats this? another zero day patched? 🟧 CVE-2025-61884, CVSS: 7.5 (High) Oracle E-Business Suite, Oracle Configurator, component Runtime UI. Affected versions: 12.2.3 through 12.2.14 This is an easily exploitable remote vulnerability: an unauthenticated attacker with HTT
@UjlakiMarci
14 Oct 2025
88 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#cyberNEWS Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. https://t.co/A7U3ymLrPe
@CyberSysblue
14 Oct 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Oracle quietly fixed a vulnerability in Oracle E-Business Suite (CVE-2025-61884) that was being exploited to breach servers, after a proof-of-concept exploit was leaked by the ShinyHunters group. https://t.co/jOpq
@Cybercachear
14 Oct 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New vulnerability in Oracle E-Business Suite, risk of unauthenticated leakage of sensitive data: CVE-2025-61884 https://t.co/Qce2ikhxw5 #izumino_trend
@sec_trend
14 Oct 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle has issued an urgent fix for a new security flaw in E-Business Suite that can be exploited remotely without the need for authentication. This flaw, CVE-2025-61884, carries a rating of 7.5 under the CVSS standard. Do
@Cybereayn
14 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent alert! Oracle's latest E-Business Suite vulnerability (CVE-2025-61884) allows remote, unauthenticated access, risking critical data. Time to upgrade if you're still on unsupported versions! How are you securing your systems? #OracleEBusinessSuiteVulnerability https://t.co/
@CyberDailyPost
14 Oct 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle has issued a precautionary update because of a new vulnerability in E-Business Suite that can be exploited remotely without authentication. The vulnerability, CVE-2025-61884, carries a high severity rating of 7.5. How do you deal with such
@Cybereayn
14 Oct 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle patched CVE-2025-61884, fixing an info‑disclosure flaw in E‑Business Suite Runtime UI 12.2.3‑12.2.14. Deploy now, check UI logs for leaks. https://t.co/iNzJdek256 #infosec #Oracle
@_UncleHacker_
14 Oct 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle E-Business Suite Bug CVE-2025-61884 Allows Data Theft Without Login #Oracle #CyberSecurity #DataBreach #CVE2025 #Vulnerability #InfoSec #ERP #OracleEBS #PatchNow #CyberAttack https://t.co/3bKf5C8I5g
@cyashadotcom
14 Oct 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new Oracle security alert reveals a high-severity flaw (CVE-2025-61884) in its E-Business Suite (EBS) that could allow remote access without authentication. Affecting Oracle Configurator versions 12.2.3 through 12.2.14, the vulnerability carries a CVSS score of 7.5 and could h
@securityblvd
14 Oct 2025
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new Oracle security alert reveals a high-severity flaw (CVE-2025-61884) in its E-Business Suite (EBS) that could allow remote access without authentication. Affecting Oracle Configurator versions 12.2.3 through 12.2.14, the vulnerability carries a CVSS score of 7.5 and could h
@securityblvd
14 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new remotely exploitable Oracle EBS vulnerability has been discovered (CVE-2025-61884). Caution is required. Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884) #HelpNetSecurity (Oct 12) https://t.co/bNn2CPPx
@foxbook
14 Oct 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new remotely exploitable Oracle EBS vulnerability has been discovered (CVE-2025-61884). Caution is required. Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884) #HelpNetSecurity (Oct 12) https://t.co/bNn2CPPx6w
@foxbook
14 Oct 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle releases emergency patch for new E-Business Suite vulnerability (CVE-2025-61884) https://t.co/LyzyeMRsW3 #Security #セキュリティー #ニュース
@SecureShield_
14 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle patches high-severity flaw CVE-2025-61884 in E-Business Suite enabling unauthenticated remote access to sensitive data. CL0P ransomware exploited prior CVE-2025-61882, targeting Harvard. #OraclePatch #RansomwareAttack #USA https://t.co/Y8QamlDCZ4
@TweetThreatNews
13 Oct 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oracle patches CVE-2025-61884, a RCE in EBS Runtime UI. CL0P leverages this flaw to store payloads in XDO_TEMPLATES_B. Patch, audit tables and monitor /OA_HTML/configurator calls. https://t.co/hwvK3UkjhF #infosec #CVE2025-61884
@_UncleHacker_
13 Oct 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Harvard confirms a limited breach via Oracle E-Business Suite zero-day CVE-2025-61882, linked to Clop ransomware. Oracle also warns of related vulnerability CVE-2025-61884 on the same platform. #OracleEBS #ClopGroup #USA https://t.co/8WsDeef0nn
@TweetThreatNews
13 Oct 2025
204 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
ORACLE ALERT: CRITICAL DATA VULNERABILITY A new high-severity bug (CVE-2025-61884) in #Oracle E-Business Suite could allow unauthenticated attackers to compromise the Configurator and steal sensitive data. Patching is urgent, can be exploited remotely. https://t.co/j2iXTRl835
@ohmyopps
13 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC0EA09-3974-4A14-8724-27020AECB5A8",
            "versionEndIncluding": "12.2.14",
            "versionStartIncluding": "12.2.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]