CVE-2025-61884 is a high-severity vulnerability in Oracle E-Business Suite Configurator that allows unauthenticated remote attackers to access critical data via HTTP. The vulnerability has been actively exploited in the wild and added to CISA's KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
📅 CVE Published: 2025-10-12
📅 Added to CISA KEV: 2025-10-20 (8 days between CVE publication and KEV addition)
CISA: These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal ...
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator ...
Tracked as CVE-2025-61884, this information disclosure flaw in the Runtime UI component affects EBS versions 12.2.3 to 12.2.14 and could allow unauthenticated threat actors to steal sensitive data remotely following successful exploitation. "This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible," Oracle said.
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete ...
[Figure caption: Oracle IOCs for CVE-2025-61882 incorrectly list the leaked exploit fixed by CVE-2025-61884. Source: Oracle]

However, this is where things get confusing, primarily due to the silence of Oracle and other security vendors. When the exploit was leaked, researchers at watchTowr Labs analyzed it, confirming it can be used to perform unauthenticated remote code execution on servers. This leaked exploit first targets the "/configurator/UiServlet" endpoint in Oracle E-Business Suite as part of the attack chain.
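Two things a defender can act on immediately from the text above are the affected version range (12.2.3 through 12.2.14) and the `/configurator/UiServlet` endpoint that the leaked exploit chain touches first. The script below is an added example, not code from the page, Oracle, watchTowr or CISA: it checks whether an EBS version string falls inside the affected range and triages web-server access logs for requests to that endpoint, flagging hits from outside a set of trusted networks. The Apache combined log format, the trusted network ranges and the sample log lines are all assumptions constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Affected range as stated in the Oracle advisory text quoted on the page (inclusive).
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)

# Endpoint the page names as the first stage of the leaked exploit chain.
WATCH_PATH = "/configurator/UiServlet"

# Hypothetical internal ranges (assumption): traffic from elsewhere is treated as external.
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Apache/NCSA combined log format (assumption about the log source).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> tuple:
    """Turn '12.2.9' into (12, 2, 9); reject anything that is not three integers."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised EBS version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the EBS release falls in the 12.2.3-12.2.14 range from the advisory."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(log_lines):
    """Return one record per request to the Configurator servlet, marking external sources.

    Query strings are stripped before comparison so '/configurator/UiServlet?x=1' still
    matches; unparseable lines are skipped rather than aborting the scan.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path != WATCH_PATH:
            continue
        src = ip_address(m.group("ip"))
        hits.append({
            "ip": str(src),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "status": int(m.group("status")),
            "external": not any(src in net for net in TRUSTED_NETS),
        })
    return hits


def external_hits(log_lines):
    """Subset of triage() results that came from outside TRUSTED_NETS."""
    return [h for h in triage(log_lines) if h["external"]]


# Constructed sample log lines (not real traffic): one external POST to the servlet,
# one internal GET with a query string, one unrelated request, one malformed line.
SAMPLE_LOG = [
    '203.0.113.45 - - [19/Oct/2025:03:12:07 +0000] "POST /configurator/UiServlet HTTP/1.1" 200 5120 "-" "python-requests/2.31"',
    '10.20.30.40 - - [19/Oct/2025:09:01:11 +0000] "GET /configurator/UiServlet?x=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Oct/2025:03:15:40 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 302 0 "-" "curl/8.4"',
    "this line is not in combined log format",
]

if __name__ == "__main__":
    for v in ("12.2.2", "12.2.3", "12.2.14", "12.2.15"):
        print(f"EBS {v}: {'affected' if is_affected(v) else 'outside affected range'}")
    for h in triage(SAMPLE_LOG):
        origin = "EXTERNAL" if h["external"] else "internal"
        print(f"{h['ts']} {h['ip']} {h['method']} {WATCH_PATH} -> {h['status']} ({origin})")
```

A hit on this endpoint is not by itself proof of exploitation, since legitimate Configurator users reach the same servlet; the useful signal is external sources, unusual user agents, and volume on an instance that is still inside the affected range and has not received the Security Alert patch.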