
Oracle E-Business Suite / Oracle Configurator access flaw (CVE-2025-61884)

Vulnerability
H score 64
2 unique sources, 5 articles

Summary


Oracle E-Business Suite flaw CVE-2025-61884 is now confirmed as actively exploited and added to CISA’s Known Exploited Vulnerabilities catalog. The issue is an unauthenticated SSRF in the Oracle Configurator runtime component affecting EBS 12.2.3 through 12.2.14, and Oracle has directed federal agencies to patch by November 10, 2025. The reporting also separates this flaw from the distinct CVE-2025-61882 campaign tied to /OA_HTML/SyncServlet and attributed to Clop.

Related Happenings

Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)

Vulnerability
First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: **CVE-2024-21182** in **Oracle WebLogic Server** is **actively exploited** and can let a **network-access attacker** achieve **unauthenticated remote compromise**. The flaw affect...

CISA orders federal patching of Oracle WebLogic CVE-2024-21182

Public Sector Action
First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

CISA orders FCEB remediation deadlines for KEV vulnerabilities

Public Sector Action
First: 10.03.2026 08:17 Last: 10.03.2026 08:17 Sources 1

About this happening: CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First: 20.02.2026 19:02 Last: 20.02.2026 19:02 Sources 1

About this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...

Timeline

  1. 13.10.2025 17:42 5 articles · 7mo ago

    Oracle issues emergency patch for CVE-2025-61884 in E-Business Suite Runtime UI

    Mitigation Patch Update

    Oracle issues an emergency security update for CVE-2025-61884 in E-Business Suite Runtime UI, a flaw affecting EBS versions 12.2.3 to 12.2.14 that is remotely exploitable without authentication and could let attackers steal sensitive data or access sensitive resources; Oracle rates the issue CVSS Base Score 7.5 and urges customers to apply the updates or mitigations as soon as possible.

  2. 12.10.2025 20:24 1 article · 7mo ago

    Oracle discloses CVE-2025-61884 in E-Business Suite

    Initial Disclosure

    Oracle issued a security alert for CVE-2025-61884 in E-Business Suite, a high-severity flaw rated CVSS 7.5 that affects versions 12.2.3 through 12.2.14 and Oracle Configurator. Oracle said an unauthenticated attacker with network access via HTTP could remotely exploit the issue to obtain unauthorized access to critical data or complete access to Oracle Configurator accessible data, and urged customers to apply the update as soon as possible.
