🔴 CVE-2025-61884

CVE-2025-61884 is a high-severity vulnerability in Oracle E-Business Suite Configurator that allows unauthenticated remote attackers to access critical data via HTTP. The vulnerability has been actively exploited in the wild and added to CISA's KEV catalog.

Risk Level: HIGH_RISK
CVSS Score: 7.5
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: Yes (+117d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-10-12

Added to CISA KEV: 2025-10-20 (8 days between CVE publication and KEV listing)


🔍 Web Intelligence (Kagi · 2025-10-20)

CVE-2025-61884 is a high-severity vulnerability affecting Oracle E-Business Suite, specifically the Oracle Configurator component [6]. Here's what is known about its exploitation:

  • Internet-facing applications or services: The affected component is the Configurator Runtime UI, which is served over HTTP. The flaw is remotely exploitable over a network with no username or password [10][3].
  • Evidence of active exploitation in the wild: CVE-2025-61884 has been actively exploited in the wild [8].
  • Attack vectors and exploitation methods: Exploitation is a plain HTTP request; an unauthenticated attacker with network access to the Configurator can compromise it [7][4]. The proof-of-concept leaked by the ShinyHunters group targets the `/configurator/UiServlet` endpoint of Oracle E-Business Suite as part of its attack chain [5][11].
  • Targeted attacks: None of the sources describes specific victims or campaigns. What is confirmed is in-the-wild exploitation, which is what triggered the KEV listing [1]; whether use has been targeted or opportunistic is not stated.
  • CISA Known Exploited Vulnerabilities status: CISA has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [1][9].
  • Technical details about internet exploitability: Oracle rates the flaw as easily exploitable; network access via HTTP is the only prerequisite. Successful exploitation yields unauthorized access to critical data or complete access to all Oracle Configurator accessible data [7][2]. It is an information-disclosure flaw rather than code execution [3], consistent with the 7.5 score (high confidentiality impact, no integrity or availability impact).
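The two actionable facts above are the endpoint the leaked PoC hits and the affected version range quoted in the sources (12.2.3 to 12.2.14). The Python below is an added example for this page, not Oracle's code and not the leaked exploit: it hunts web-tier access logs for requests to `/configurator/UiServlet` (percent-decoded and case-folded, so an encoded `%55iServlet` is not missed), ranks sources with external callers first, and checks an EBS release string against the affected range. The combined-format log, the sample lines and the `INTERNAL_NETS` ranges are constructed assumptions, not data from the page.

```python
"""Triage helper for CVE-2025-61884 (Oracle EBS Configurator, Runtime UI).

Added example for this page; it is not Oracle's code and not the leaked
exploit. It does two things the page's sources support:
  1. hunts web-tier access logs for requests to /configurator/UiServlet,
     the endpoint the leaked PoC targets, and ranks them by source;
  2. checks an EBS version string against the 12.2.3-12.2.14 range that
     Oracle's advisory text lists as affected.
Assumptions: Apache/NCSA combined log format on the web tier, and the
INTERNAL_NETS placeholders stand in for your own trusted ranges.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

TARGET_PATH = "/configurator/uiservlet"          # compared after decoding + lower-casing
AFFECTED_RANGE = ((12, 2, 3), (12, 2, 14))        # inclusive, per the advisory text

# Placeholder trusted ranges (assumption); replace with your management networks.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Apache/NCSA combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines, not real traffic. Line 4 percent-encodes the
# "U" so a naive string match on "UiServlet" would miss it.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Oct/2025:02:14:11 +0000] "POST /configurator/UiServlet HTTP/1.1" 200 5120 "-" "python-requests/2.32"
203.0.113.7 - - [15/Oct/2025:02:14:12 +0000] "POST /configurator/UiServlet HTTP/1.1" 200 8192 "-" "python-requests/2.32"
10.1.4.22 - - [15/Oct/2025:08:30:00 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Oct/2025:09:01:45 +0000] "GET /configurator/%55iServlet?x=1 HTTP/1.1" 200 4096 "-" "curl/8.5.0"
192.168.3.5 - - [15/Oct/2025:09:05:10 +0000] "GET /configurator/UiServlet HTTP/1.1" 200 300 "https://ebs.internal/" "Mozilla/5.0"
10.1.4.22 - - [15/Oct/2025:09:06:00 +0000] "GET /OA_HTML/RF.jsp HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Normalise the path: percent-decode, drop the query string, lower-case.
    rec["path"] = unquote(rec["path"]).split("?", 1)[0].lower()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_internal(ip):
    """True if the client address sits in one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def hunt(log_text):
    """Summarise every request to the UiServlet endpoint, keyed by client IP.

    Each summary records request count, number of 2xx responses (a 2xx to an
    unauthenticated caller is what makes this flaw a data leak), bytes
    returned, methods, user agents, and whether the source is internal.
    External sources are listed first, ordered by bytes returned.
    """
    hits = defaultdict(lambda: {"requests": 0, "ok": 0, "bytes": 0,
                                "methods": set(), "agents": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(TARGET_PATH):
            continue
        h = hits[rec["ip"]]
        h["requests"] += 1
        h["ok"] += 200 <= rec["status"] < 300
        h["bytes"] += rec["size"]
        h["methods"].add(rec["method"])
        h["agents"].add(rec["ua"])
    result = []
    for ip, h in hits.items():
        result.append({"ip": ip, "internal": is_internal(ip),
                       "requests": h["requests"], "ok": h["ok"], "bytes": h["bytes"],
                       "methods": sorted(h["methods"]), "agents": sorted(h["agents"])})
    result.sort(key=lambda r: (r["internal"], -r["bytes"]))
    return result


def is_affected_version(version):
    """True if an EBS release string (e.g. "12.2.10") falls inside the
    advisory's affected range. In range means "apply and verify the patch",
    not "confirmed exploitable": the fix is a patch on top of 12.2.x."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) < 3:
        raise ValueError(f"need major.minor.patch, got {version!r}")
    lo, hi = AFFECTED_RANGE
    return lo <= parts[:3] <= hi


if __name__ == "__main__":
    for r in hunt(SAMPLE_LOG):
        print(r)
    print("12.2.10 affected:", is_affected_version("12.2.10"))
```

The hunt deliberately keys on a normalised path rather than the literal string `UiServlet`, and it reports internal hits too: a 2xx to an internal address is lower priority, but an internal source that should never touch the Configurator UI is still worth a look, given that the page's own sources show the leaked PoC being mis-attributed between CVE-2025-61882 and CVE-2025-61884.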

Sources

  1. CISA Adds Five Known Exploited Vulnerabilities to Catalog

    CVE-2025 ... These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal ...

  2. CVE-2025-61884 Detail - NVD

    Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator ...

  3. Oracle releases emergency patch for new E-Business Suite flaw

    Tracked as CVE-2025-61884, this information disclosure flaw in the Runtime UI component affects EBS versions 12.2.3 to 12.2.14 and could allow unauthenticated threat actors to steal sensitive data remotely following successful exploitation. "This vulnerability is remotely exploitable without authent…

  4. CVE-2025-61884 - Vulnerability Details - OpenCVE

    Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful at…

  5. Oracle silently fixes zero-day exploit leaked by ShinyHunters

    [Figure caption: Oracle IOCs for CVE-2025-61882 incorrectly list the leaked exploit fixed by CVE-2025-61884. Source: Oracle.] However, this is where things get confusing, primarily due to the silence of Oracle and other security vendors. When the exploit was leaked, researchers at watchTowr Labs analyzed it, confirmin…