Oracle E-Business Suite CVE-2025-61884 emergency security update

Security Patch Release
H score 56
1 unique source, 3 articles

Summary

Oracle E-Business Suite CVE-2025-61884 is an unauthenticated SSRF flaw in the Oracle Configurator runtime that CISA says is being actively exploited. Oracle disclosed the issue on October 11, rated it CVSS 7.5, and told federal agencies to patch by November 10, 2025. Reporting ties the abuse to July attacks and a leaked exploit associated with ShinyHunters and the Scattered Lapsus$ extortion group, while separating it from the distinct CVE-2025-61882 activity against /OA_HTML/SyncServlet attributed to Clop.

Cases

Related Happenings

Citrix security patch release for CVE-2026-3055

Security Patch Release
First: 24.03.2026 07:59 Last: 24.03.2026 07:59 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...

Oracle security patch release for CVE-2026-21992

Security Patch Release
First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

CISA KEV listing for Wing FTP CVE-2025-47813

Public Sector Action
First: 17.03.2026 07:23 Last: 17.03.2026 07:23 Sources 1

About this happening: CISA added **CVE-2025-47813** in **Wing FTP Server** to the **KEV catalog** after evidence of **active exploitation**, putting the flaw under formal government tracking. The listi...

SolarWinds security patch release for CVE-2025-40538

Security Patch Release
First: 25.02.2026 09:04 Last: 25.02.2026 09:04 Sources 1

About this happening: **SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

Timeline

  1. 13.10.2025 17:42 4 articles · 7mo ago

    Oracle issues emergency patch for CVE-2025-61884 in E-Business Suite

    Mitigation Patch Update

    Oracle issued an emergency out-of-band update for Oracle E-Business Suite instances affected by CVE-2025-61884, an information disclosure flaw in the Runtime UI component affecting versions 12.2.3 to 12.2.14 that is remotely exploitable without authentication and could expose sensitive data. Oracle said the vulnerability has a CVSS Base Score of 7.5 and urged customers to apply the updates or mitigations as soon as possible.
