Security Flaw in Oracle E-Business Suite Components
CVE-2025-61884

7.5 HIGH

Key Information:

Vendor: Oracle
CVE Published: 12 October 2025


What is CVE-2025-61884?

CVE-2025-61884 is a security vulnerability found in the Oracle E-Business Suite, specifically within the Oracle Configurator component, which plays a crucial role in managing complex configurations and product offerings for enterprises. This vulnerability poses a serious risk to organizations, as it allows an unauthenticated attacker with network access via HTTP to potentially exploit Oracle Configurator. If successfully exploited, attackers could gain unauthorized access to sensitive data or even achieve complete control over all data accessible through the Oracle Configurator. The vulnerability has been assigned a CVSS 3.1 base score of 7.5, indicating a high level of severity primarily due to its potential impact on confidentiality.

Potential impact of CVE-2025-61884

  1. Unauthorized Data Access: The vulnerability may allow attackers to access critical and confidential data, leading to potential data breaches that could expose sensitive business information.

  2. System Compromise: Successful exploitation may also grant complete control over the Oracle Configurator component, allowing malicious actors to manipulate configurations, disrupt operations, or launch further attacks on integrated systems.

  3. Reputational Damage: Organizations affected by this vulnerability may face significant reputational harm if sensitive data is compromised, leading to loss of customer trust and potential legal ramifications.

Affected Version(s)

Oracle Configurator 12.2.3 <= 12.2.14

News Articles

Harvard University Breached in Oracle Zero-Day Attack

The Clop ransomware group claimed responsibility for stealing the university's data as part of a broader campaign against Oracle customers.

4 days ago

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group.

5 days ago

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability reached the number 1 worldwide trending spot
  • Vulnerability started trending
  • First article discovered by Help Net Security
  • Vulnerability published
  • Vulnerability Reserved
