CVE-2025-61884

Analyzed

Published: 12 Oct 2025, 03:15

Last modified:27 Oct 2025, 17:08

Vulnerability Summary

Overall Risk

High Risk

67/100

AI Analysis

Emergency

Requires Immediate Action

AI Detection

Active in Wild

Exploitation Detected

CVSS Score

7.5 HIGH

CVSS v3.1 (ORACLE)

EPSS Score

10.21% HIGH

10% probability 0.00%

CISA KEV

Listed

Oracle

Ransomware

Known Use

Exploits

None found

Dark Web

Activity detected

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Source Identifier: secalert_us@oracle.com

CVSS	Source	Severity	Exploit.	Impact	Vector
v4.0	n/a
v3.1	Primarysecalert_us@oracle.com	7.5 HIGH	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/U...
v3.0	n/a
v2.0	n/a

34.61%

Current Score

0.00%

97%ile

Percentile Rank

0.00%

Loading chart...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22

Description:The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Server-Side Request Forgery (SSRF) CWE-918

Description:The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Vulnerability Name:Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

Added to CISA Catalog:20 Oct 2025, 00:00

Action Due:10 Nov 2025, 00:00

Known Ransomware: Ransomware

Required Action:Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Telegram Activity Detected

This vulnerability has been mentioned in monitored Telegram channels, indicating potential threat actor interest.

No known public exploit code indexed (as of 27 Oct 2025, 17:08).

Exploitation status can change quickly once PoC code appears.

Affected Configurations (CPE)

oracle configuratorVulnerable

Version: *

cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*

URL	Tags	Source
https://blogs.oracle.com/security/post/apply-july-2025-cpu	-	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://blogs.oracle.com/security/post/apply-july-2025-cpu	vendor advisory	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/	-	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/	exploitpress/media coverage	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884	-	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884	us government resource	134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html	-	secalert_us@oracle.com
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html	vendor advisory	secalert_us@oracle.com