Find notable cyber news and cases, enriched with sources, timelines, and signals.

Oracle E-Business Suite / Oracle Configurator access flaw (CVE-2025-61884)

Vulnerability
First reported
Last updated
Happening score
H score 60
2 unique sources, 5 articles

Summary

Hide ▲

Oracle E-Business Suite flaw CVE-2025-61884 is now confirmed as actively exploited and added to CISA’s Known Exploited Vulnerabilities catalog. The issue is an unauthenticated SSRF in the Oracle Configurator runtime component affecting EBS 12.2.3 through 12.2.14, and Oracle has directed federal agencies to patch by November 10, 2025. The reporting also separates this flaw from the distinct CVE-2025-61882 campaign tied to /OA_HTML/SyncServlet and attributed to Clop.

Related Happenings

SolarWinds Serv-U advisory and mitigations for CVE-2026-28318

Advisory/Mitigation
H score52 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)

Vulnerability
H score59 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: **CVE-2024-21182** in **Oracle WebLogic Server** is **actively exploited** and can let a **network-access attacker** achieve **unauthenticated remote compromise**. The flaw affect...

CISA orders federal patching of Oracle WebLogic CVE-2024-21182

Public Sector Action
H score53 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
H score38 First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

Timeline

  1. 13.10.2025 17:42 5 articles · 8mo ago

    Oracle issues emergency patch for CVE-2025-61884 in E-Business Suite Runtime UI

    Mitigation Patch Update

    Oracle issues an emergency security update for CVE-2025-61884 in E-Business Suite Runtime UI, a flaw affecting EBS versions 12.2.3 to 12.2.14 that is remotely exploitable without authentication and could let attackers steal sensitive data or access sensitive resources; Oracle rates the issue CVSS Base Score 7.5 and urges customers to apply the updates or mitigations as soon as possible.

    Show sources
  2. 12.10.2025 20:24 1 articles · 9mo ago

    Oracle discloses CVE-2025-61884 in E-Business Suite

    Initial Disclosure

    Oracle issued a security alert for CVE-2025-61884 in E-Business Suite, a high-severity flaw rated CVSS 7.5 that affects versions 12.2.3 through 12.2.14 and Oracle Configurator. Oracle said an unauthenticated attacker with network access via HTTP could remotely exploit the issue to obtain unauthorized access to critical data or complete access to Oracle Configurator accessible data, and urged customers to apply the update as soon as possible.

    Show sources