CVE-2025-61884
Published Oct 12, 2025
Last updated a month ago
AI description
CVE-2025-61884 is a vulnerability affecting the Oracle Configurator component's Runtime UI within the Oracle E-Business Suite (EBS). The vulnerability impacts versions 12.2.3 through 12.2.14. It can be exploited by an unauthenticated attacker with network access via HTTP. Successful exploitation of CVE-2025-61884 can lead to unauthorized access to critical data or complete access to all Oracle Configurator accessible data. Oracle has released a security patch to address this vulnerability and strongly recommends that customers apply the provided updates promptly.
- Description
- Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
- Source
- secalert_us@oracle.com
- NVD status
- Analyzed
- Products
- configurator
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
- Exploit added on
- Oct 20, 2025
- Exploit action due
- Nov 10, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score
- Not currently trending
This is the continuation of this one, ransomware CL0P: "Oracle EBS cyberattack campaign: Cl0p (Clop) lists 30 companies on its leak site (CVE-2025-61882, CVE-2025-61884)" https://t.co/yyE6CEzFJe
@NobMiwa
21 Nov 2025
1652 Impressions
2 Retweets
7 Likes
5 Bookmarks
0 Replies
0 Quotes
#VulnerabilityReport #AuthenticationBypass Oracle Warns of Unauthenticated Vulnerability in E-Business Suite (CVE-2025-61884) https://t.co/nBmw660cAA
@Komodosec
18 Nov 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Washington Post hit in CL0P’s Oracle EBS The @washingtonpost confirmed a breach via Oracle E-Business Suite 0day CVE-2025-61884. Data was accessed July/August 2025, exposing names, bank and routing numbers, SSNs and tax IDs of 10k staff/contractors. #ransomNews #CL0P h
@ransomnews
15 Nov 2025
198 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Washington Post confirms data breach via Oracle E-Business Suite vulnerability CVE-2025-61884, affecting 10,000+ individuals. CL0P ransomware group claims over 40 victims in related attacks. #OracleBreach #CL0PRansomware #USA https://t.co/48ZHoG0GGC
@TweetThreatNews
15 Nov 2025
120 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-61884 - high 🚨 Oracle E-Business Suite - Server-Side Request Forgery > Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (componen... 👾 https://t.co/EgZIJLMwWo @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
31 Oct 2025
126 Impressions
0 Retweets
1 Like
3 Bookmarks
0 Replies
0 Quotes
🚨 DARK BAY CYBER DAILY 🚨 🔍 Oracle patches 374 CVEs, incl. CVE-2025-61884 (CVSS 9.8) - Deploy now! ⚠️ Akira RaaS targets US defense - Stay alert! 📉 AT&T Careers data breach - 576K resumes exposed. Dive in: https://t.co/XbT7guVbi9 #CyberSecurity #Infosec #Dar
@DarkBayIntel
29 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
DAILY CYBER REPORT: 1/7 🚨 ORACLE CPU CRITICAL 🚨 Oracle Oct 2025 patches 374 CVEs incl **CVSS 9.8 RCE** in EBS (CVE-2025-61884 - CISA KEV). US orgs: Deploy PSU/RU NOW - exploits inbound! https://t.co/vv8I8X8Azp #DarkBayCyber #PatchNow DM "CYBER" 👇
@DarkBayIntel
29 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Oracle rushed out a critical patch (CVE-2025-61884) for its E-Business Suite. Attackers were using the flaw to gain full access without login. (TechRadar, 2025) 🧩 If your business uses enterprise apps or legacy systems, this is your wake-up call—“just works” doesn
@BGMloop
29 Oct 2025
33 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
⚠️Vulnerability in Oracle products ❗CVE-2025-61884 ➡️More info: https://t.co/8Vgfa0ErSL https://t.co/hePjy6SlpM
@CERTpy
28 Oct 2025
132 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets CISA added 5 flaws to its KEV catalog, confirming CVE-2025-61884 an unauthenticated SSRF in Oracle E-Business Suite Runtime — is being exploited in the wild. Read More: https://t.co/xALKyJQ4
@pinakinit1
27 Oct 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚀 $ORCL – ORACLE CORP. $ORCL fixes a security vulnerability in E-Business Suite (CVE-2025-61884) per CISA guidance. This reinforces Oracle’s secure enterprise solutions. Join our AI & semiconductor picks 👇 💬 Get your pre-market trading guide 🔗 https://t.co/
@StekDaniel
24 Oct 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISO Threat Brief - Oct 22, 2025 CRITICAL ALERTS: 🔴 Microsoft Zero-Days (2 exploited): • CVE-2025-24990: Windows Modem Driver privesc • CVE-2025-59230: RasMan privesc Patch NOW - 172 vulns total in Oct PT 🔴 CISA KEV (Due Nov 10): • CVE-2025-61884: Oracle EBS SS
@drbinaryai
23 Oct 2025
84 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
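🛡️ New vulnerability "CVE-2025-61884" disclosed in #Oracle E-Business Suite (EBS). This vulnerability may allow access to configuration information without authentication and could have a serious impact on entire enterprise systems. Crimina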
@CriminalIP_JP
23 Oct 2025
163 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🛡️#Oracle EBS CVE-2025-61884 — Configuration data exposure warning. The high-risk vulnerability CVE-2025-61884 has been disclosed in Oracle E-Business Suite 12.2.3–12.2.14. Criminal IP has detected 1,048 publicly exposed EBS instances worldwide, and the US,
@CriminalIP_KR
23 Oct 2025
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Thread: "Oracle EBS Zero-Day Siege: Unauth RCE Patched—But Storm-1175's Medusa Chains Are Live!" 🚨🔒 1/5: "🚨 ORACLE URGENT PATCH: EBS flaws CVE-2025-61882 & CVE-2025-61884 (both CVSS 9.8) exploited for unauth RCE—remote code exec via SSRF chains. CISA's KEV list c
@CybershieldHub
23 Oct 2025
88 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Oh look, another YouTuber with a face-full-of-ads waxes poetic about “square” computers and their “sensitive files” while lecturing us on how ransomware magically encrypts your taxes2025.csv—riveting stuff, Sherlock. He breezily recaps CVE-2025-61882 and CVE-2025-61884
@JoeMaristela
23 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CISA has added the #Oracle E-Business Suite flaw tracked as CVE-2025-61884 to its Known Exploited Vulnerabilities catalogue. #CyberSecurity #InfoSec #Hacking #CyberCrime https://t.co/PTrAbRcE0l https://t.co/AdFRJJ8yGp
@twelvesec
22 Oct 2025
57 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Cyber Threat Intelligence 22/10/2568 backward 24 hr: Level 1 (Emergency): Oracle E-Business Suite (CVE-2025-61882, CVE-2025-61884) because of widespread zero-day exploitation
@PSirimajun
22 Oct 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
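The Known Exploited Vulnerabilities catalog of the US Cybersecurity and Infrastructure Security Agency (CISA) has been silently updated. Exploitation of CVE-2025-61884 by ransomware has changed to "yes". https://t.co/8RFRzkYcq5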
@__kokumoto
21 Oct 2025
6615 Impressions
18 Retweets
64 Likes
19 Bookmarks
1 Reply
1 Quote
🚨 CISA confirms active exploitation of Oracle E-Business Suite SSRF vulnerability CVE-2025-61884. Patch ASAP! #security #vulnerability #oracle #cisa #ebusinesssuite https://t.co/YhnjqKMsjs https://t.co/YhnjqKMsjs
@fishpassenger
21 Oct 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV ALERT: How to Patch Oracle E-Business Suite SSRF Flaw (CVE-2025-61884) & Block RCE (CVE-2025-61882) Now Read the full report on - https://t.co/B2AKJJZrJm https://t.co/I9CmtuWshU
@Iambivash007
21 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CISA confirms vulnerabilities in Oracle and Windows. CISA (the US cybersecurity agency) added five flaws to the catalog of exploited vulnerabilities (KEV), including a new one in Oracle E-Business Suite (CVE-2025-61884) that allows unauthenticated access
@CycuraMX
21 Oct 2025
4346 Impressions
18 Retweets
69 Likes
15 Bookmarks
0 Replies
0 Quotes
🛡️ CISA confirms vulnerabilities in Oracle and Windows. CISA (the US cybersecurity agency) added five flaws to the catalog of exploited vulnerabilities (KEV), including a new one in Oracle E-Business Suite (CVE-2025-61884) that allows unauthenticated access
@CycuraMX
21 Oct 2025
149 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-61884: new Oracle E-Business Suite (EBS) flaw can let hackers access data without logging in. Supported versions affected
@freedomhack101
21 Oct 2025
95 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🇺🇸 🚨 BREAKING: CISA alerts active exploitation of CVE-2025-61884 (SSRF) in Oracle E-Business Suite Runtime/Configurator — risk of data exfiltration in US and worldwide. https://t.co/f68SJhxwMw #CISA #Cybersecurity
@STRATINT_AI
21 Oct 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Cl0p Weaponizes Oracle EBS Zero-Days: Extortion Active ⚠️ Cl0p ransomware actively exploiting two Oracle E-Business Suite RCE flaws (CVE-2025-61882, CVE-2025-61884). Exploit code's public. EBS 12.2.3–12.2.14 vulnerable to unauthenticated RCE via License Servlet and R
@the_c_protocol
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #CVE-2025-61884: The #Oracle EBS Backdoor That Lets Hackers Steal Data Without a Password https://t.co/SvemtcBazo Educational Purposes!
@UndercodeUpdate
21 Oct 2025
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle E-Business Suite CVE-2025-61884 Zero-Day Exploitation & Extortion: Comprehensive Breach Advisory [Critical] Oct 21, 2025 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #ThreatIntelligence #LLM https://t.co/Lp6Invv9dJ
@transilienceai
21 Oct 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA adds 5 critical flaws to its KEV catalog. CVE-2025-61884 affects Oracle EBS, with a CVSS score of 7.5, already exploited in real attacks. Pay attention to the security of your systems! ⚠️🔓 #CiberSeguridad #Hacking https://t.co/UY5rRWQbXn
@kalirsec
21 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA doesn’t provide details on how vulnerabilities are being exploited, but the October 11 Oracle E-Business Suite CVE-2025-61884 vulnerability announcement followed an ongoing campaign by the CL0P ransomware group to exploit CVE-2025-61882, a 9.8-severity remote code executio
@Kent236896
21 Oct 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Beware of the new critical vulnerabilities in Oracle E-Business Suite and Microsoft. CVE-2025-61884 is already being actively exploited. 🛡️ Update and protect your systems immediately. ⚠️ #CiberSeguridad #Hacking https://t.co/zibsEeQy9h
@kalirsec
21 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New critical vulnerabilities added to the CISA catalog. Among them, CVE-2025-61884 in Oracle EBS, with a CVSS of 7.5, is already being exploited. Watch out, Microsoft is also in the crosshairs! 🔓⚠️ #CiberSeguridad #Hacking https://t.co/eS8Nm1piUr
@kalirsec
20 Oct 2025
4 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA added 5 new bugs to its KEV Catalog! The Oracle EBS bug CVE-2025-61884 is confirmed to have been exploited. Microsoft, Kentico and Apple are not left out either. Government agencies must finish patching all of these before 10 Nov 2025! Hurry up, guys! https://t.co/SmSJyl0rOn
@u_know_tekno
20 Oct 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just added 5 active CVEs to the KEV list. The big one? Oracle EBS — under live attack from a new SSRF flaw (CVE-2025-61884). Remote access, no auth. Real-world hits confirmed. Deadline to patch: Nov 10. Details → https://t.co/v0dZLwD0Sf
@TheHackersNews
20 Oct 2025
13937 Impressions
25 Retweets
63 Likes
5 Bookmarks
0 Replies
1 Quote
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-61884 #Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability https://t.co/pu9WEcSxCL
@ScyScan
20 Oct 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📊 Oracle E-Business Suite (EBS) zero-day CVE-2025-61884 now under active exploitation in the wild. Remotely exploitable RCE affecting EBS 12.2.3–12.2.14. No authentication required. Cl0p ransomware gang already targeting victims + sending extortion emails. Public exploit cod
@the_c_protocol
20 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 ORACLE EBS (CVE-2025-61884) A flaw in Oracle Configurator (Runtime UI) allows unauthenticated access via HTTP to sensitive resources. Affects 12.2.3–12.2.14 (CVSS 7.5). 👉 Apply the Security Advisory now, avoid exposure to the Internet and monitor access. 🌐 More informati
@rootedcon
20 Oct 2025
1435 Impressions
7 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw (CVE-2025-61884) in Oracle Configurator could be exploited remotely with no authentication needed. Learn how to protect your systems in this #CybersecurityThreatAdvisory: https://t.co/ymMPNNoZIc
@SmarterMSP
18 Oct 2025
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🥳Oracle just disclosed a new vulnerability tagged CVE-2025-61884 - remotely exploitable vuln without requiring authentication 👉Nuclei detection for CVE-2025-61884 -https://t.co/1qBLA3vxmO https://t.co/94cmP8hB9A
@HackingTeam777
16 Oct 2025
1194 Impressions
3 Retweets
29 Likes
13 Bookmarks
0 Replies
0 Quotes
🥳Oracle just disclosed a new vulnerability tagged CVE-2025-61884 - remotely exploitable vuln without requiring authentication 👉Nuclei detection for CVE-2025-61884 -https://t.co/m7Nwv3KrVm https://t.co/hyMqJNhpnK
@Anastasis_King
16 Oct 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cyber threats surge: ransomware, vulnerabilities, espionage & fraud schemes escalate in past hour. Key takeaways👇 🛡️ Oracle E-Business Suite hit by critical unauthenticated info disclosure vulnerability (CVE-2025-61884) risking exposure of sensitive business data. Pa
@np_cyber_news
16 Oct 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Oracle quietly fixed a 0-day flaw... used to steal your data. If your company uses Oracle E-Business Suite, you have a new urgent matter. This weekend Oracle released an update for a new critical flaw (CVE-2025-61884). But it did not say publicly
@CycuraMX
15 Oct 2025
2356 Impressions
21 Retweets
40 Likes
11 Bookmarks
1 Reply
1 Quote
Oracle E-Business Suite hit by a critical vulnerability, CVE-2025-61884 https://t.co/n9QSptBdnE #PreventionInternet #Cybersécurité
@Prevention_web
15 Oct 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unencrypted Satellites and Global Cyber Threats Expose Communications Unencrypted satellites risk global comms; Flax Typhoon APT exploited ArcGIS server for over a year. Widespread RDP attacks via 100K-node botnet, Oracle EBS flaw CVE-2025-61884 fixed after breaches. UK NCSC htt
@Secwiserapp
15 Oct 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle Configurator [—] Oct 15, 2025 Product Security Advisory Report on Oracle Configurator Vulnerability CVE-2025-61884 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #ThreatIntelligence #Innovation https://t.co/wDtD4lh0NM
@transilienceai
15 Oct 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Oracle Configurator [—] Oct 15, 2025 Product Security Advisory Report on Oracle Configurator Vulnerability CVE-2025-61884 Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #ThreatIntelligence #Innovation https://t.co/Y0uXti6Tdu
@transilienceai
15 Oct 2025
25 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Oracle has reportedly fixed a critical vulnerability (CVE-2025-61884) in its E-Business Suite that was exploited by the ShinyHunters group, who leaked a proof-of-concept exploit. #CyberSecurity #Oracle https://t.co/xnwf00anmb
@Cyber_O51NT
15 Oct 2025
107 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
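CVE-2025-61884 in Oracle E-Business Suite (EBS), which Oracle fixed, was the one that the ShinyHunters group had exploited and for which it had published a PoC (proof-of-concept attack code). Oracle did not disclose that it was a zero-day at the time of the fix. h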
@__kokumoto
14 Oct 2025
1997 Impressions
4 Retweets
7 Likes
3 Bookmarks
1 Reply
1 Quote
Oracle has silently fixed CVE-2025-61884, a critical E-Business Suite SSRF vulnerability exploited by Clop and ShinyHunters for remote, unauthenticated access to sensitive data. #OracleEBS #ZeroDay #SSRF https://t.co/s7CzSnP94V
@TweetThreatNews
14 Oct 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
oh whats this? another zero day patched? 🟧 CVE-2025-61884, CVSS: 7.5 (High) Oracle E-Business Suite, Oracle Configurator, component Runtime UI. Affected versions: 12.2.3 through 12.2.14 This is an easily exploitable remote vulnerability: an unauthenticated attacker with HTT
@UjlakiMarci
14 Oct 2025
88 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC0EA09-3974-4A14-8724-27020AECB5A8",
            "versionEndIncluding": "12.2.14",
            "versionStartIncluding": "12.2.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]