CVE-2025-61884: Unauthenticated Remote Access Risk in Oracle E-Business Suite


On October 11, 2025, Oracle issued a Security Alert addressing a severe vulnerability impacting the Oracle E-Business Suite (EBS). While Oracle did not confirm active exploitation, this vulnerability affects the same Oracle EBS platform that an extortion group has targeted over the past three months, raising the likelihood of future exploitation. Oracle strongly urges all customers to apply the provided patches immediately to mitigate potential attacks.

Severity: High

Vulnerability details

  • CVE ID: CVE-2025-61884
  • CVSS Score: 7.5
  • Affected Product: Oracle E-Business Suite versions 12.2.3 – 12.2.14
  • Description: This is a remotely exploitable flaw that could enable an unauthenticated attacker to access or manipulate sensitive data within Oracle EBS applications. The vulnerability lies in how the Configurator Runtime UI processes HTTP requests. Because exploitation requires no user credentials or interaction, this bug poses an elevated risk in enterprise environments where EBS instances are exposed to external networks.

Impact

Successful exploitation could allow attackers to:

  • Gain unauthorized access to confidential business data stored or processed in Oracle EBS.
  • Manipulate configuration logic or system parameters.
  • Establish a foothold for data theft or extortion operations.
  • Potentially disrupt enterprise operations dependent on EBS workflows.

Threat Context

  • Over the past quarter, the CL0P ransomware group has actively targeted Oracle EBS environments in a global extortion campaign.
  • CL0P exploited a distinct but closely related Oracle EBS zero-day (CVE-2025-61882, CVSS 9.8) to compromise on-premise ERP systems, exfiltrate sensitive data, and issue ransom demands.
  • Although CVE-2025-61884 is newly disclosed, CL0P’s intrusion tooling and TTPs already target Oracle EBS HTTP-based interfaces, so the likelihood of weaponization is high if organizations delay patching.

Recommendations

  1. Apply the October 11, 2025 Security Alert patch for Oracle EBS addressing CVE-2025-61884.
  2. Upgrade older, unsupported versions of Oracle EBS to ensure patch availability.
  3. Restrict network access to the Configurator Runtime UI where possible.
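
As an added example (not code from Oracle or from this advisory), a small Python triage helper for recommendations 1 and 3: it checks an EBS version string against the affected 12.2.3 – 12.2.14 range and flags Configurator Runtime UI requests in an access log that originate outside trusted networks. The URL prefix, the trusted CIDR and the log lines are constructed placeholders, since the advisory does not state the real path.

```python
"""Triage helper for CVE-2025-61884 (added example; not Oracle's or the advisory's code).
Checks two things from the advisory: whether an EBS version is in the affected range, and
which Configurator Runtime UI requests came from outside trusted networks. The URL prefix
is a placeholder: the advisory does not state the real path, substitute your deployment's."""
import ipaddress
import re

AFFECTED_MIN, AFFECTED_MAX = (12, 2, 3), (12, 2, 14)
# Placeholder prefix, not the real Configurator Runtime UI path.
CONFIGURATOR_UI_PREFIX = "/EBS_ROOT_PLACEHOLDER/configurator/"
# Apache/OHS combined log format: ip ident user [time] "method path proto" status size
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def is_affected_version(version: str) -> bool:
    """True if an EBS version string falls inside the advisory's affected range."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return AFFECTED_MIN <= parts <= AFFECTED_MAX


def parse_access_line(line: str):
    """Parse one combined-format access log line; None if it does not match."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status)}


def external_configurator_hits(lines, trusted_cidrs):
    """Return (ip, method, path, status) for Configurator UI requests from untrusted sources."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in lines:
        rec = parse_access_line(line)
        if rec is None or not rec["path"].startswith(CONFIGURATOR_UI_PREFIX):
            continue
        addr = ipaddress.ip_address(rec["ip"])
        if any(addr in net for net in trusted):
            continue  # internal caller, expected after network restriction
        hits.append((rec["ip"], rec["method"], rec["path"], rec["status"]))
    return hits


# Constructed sample log lines (not real traffic); 203.0.113.0/24 is documentation space.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2025:09:14:02 +0000] "GET /EBS_ROOT_PLACEHOLDER/configurator/ui HTTP/1.1" 200 5120',
    '10.0.4.21 - - [12/Oct/2025:09:15:11 +0000] "POST /EBS_ROOT_PLACEHOLDER/configurator/ui HTTP/1.1" 200 812',
    '203.0.113.7 - - [12/Oct/2025:09:16:40 +0000] "GET /EBS_ROOT_PLACEHOLDER/other/page HTTP/1.1" 302 0',
]
```

Running `external_configurator_hits(SAMPLE_LOG, ["10.0.0.0/8"])` returns only the external GET to the Configurator prefix; after restricting access per recommendation 3, that list should be empty.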


Ampcus Cyber