Unauthenticated access vulnerability in Oracle E-Business Suite Configurator
Summary
A critical vulnerability in Oracle E-Business Suite (EBS) allows unauthenticated attackers to access sensitive data via HTTP. The flaw, CVE-2025-61884, affects versions 12.2.3 through 12.2.14 and has a CVSS score of 7.5. Oracle has issued a security alert and patch, but exploitation in the wild has not been reported. The vulnerability is in Oracle Configurator and could lead to unauthorized access to critical data or complete access to all accessible data. This development follows recent disclosures of zero-day exploitation in EBS software, attributed to a group with ties to the Cl0p ransomware group.
Timeline
- 12.10.2025 20:24 · 1 article
  Oracle E-Business Suite vulnerability CVE-2025-61884 disclosed
  Oracle has disclosed a critical vulnerability, CVE-2025-61884, in E-Business Suite versions 12.2.3 through 12.2.14. The flaw allows unauthenticated attackers to access sensitive data via HTTP. Oracle has issued a security alert and patch, but no exploitation in the wild has been reported. The vulnerability affects Oracle Configurator and could lead to unauthorized access to critical data. This disclosure follows recent attacks leveraging CVE-2025-61882, attributed to a group with ties to the Cl0p ransomware group.
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
Information Snippets
- The vulnerability, CVE-2025-61884, affects Oracle E-Business Suite versions 12.2.3 through 12.2.14.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- The flaw allows unauthenticated attackers to access sensitive data via HTTP.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- The CVSS score for CVE-2025-61884 is 7.5, indicating high severity.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- Oracle has issued a security alert and patch for the vulnerability.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- The vulnerability affects Oracle Configurator and could lead to unauthorized access to critical data.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- Recent attacks leveraged CVE-2025-61882 to drop malware families like GOLDVEIN.JAVA, SAGEGIFT, SAGELEAF, and SAGEWAVE.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24
- The attacks are believed to be orchestrated by a group with ties to the Cl0p ransomware group.
  First reported: 12.10.2025 20:24 · 1 source, 1 article
  Source: New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login — thehackernews.com — 12.10.2025 20:24