CVE-2025-61884
Published: 12 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-61884 is a vulnerability in the Oracle Configurator product of Oracle E-Business Suite, specifically affecting the Runtime UI component. Supported versions 12.2.3 through 12.2.14 are impacted. It carries a CVSS 3.1 Base Score of 7.5 (vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), with Confidentiality impacts rated High. The issue is associated with multiple CWE identifiers, including CWE-22 (Path Traversal), CWE-93 (Improper Neutralization of CRLF Sequences), CWE-287 (Improper Authentication), CWE-444 (Inconsistent Interpretation of HTTP Requests), CWE-501 (Trust Boundary Violation), and CWE-918 (Server-Side Request Forgery).
The vulnerability is easily exploitable by an unauthenticated attacker with network access via HTTP, allowing them to compromise the Oracle Configurator. Successful exploitation results in unauthorized access to critical data or complete access to all data accessible by Oracle Configurator.
Oracle advisories, including the security alert for CVE-2025-61884 and the July 2025 Critical Patch Update blog post, recommend applying the latest patches to mitigate the issue. Additional references include analysis from Watchtowr Labs on related Oracle E-Business Suite vulnerabilities and the vulnerability's listing in the CISA Known Exploited Vulnerabilities catalog.
This vulnerability appears in the context of broader Oracle E-Business Suite issues, with CISA confirming active exploitation in the wild.
Details
- CWE(s): CWE-22, CWE-93, CWE-287, CWE-444, CWE-501, CWE-918
- KEV Date Added: 20 October 2025
Affected Products
- Oracle Configurator (Runtime UI), Oracle E-Business Suite versions 12.2.3 through 12.2.14
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote exploitation of a public-facing HTTP web application (Oracle Configurator Runtime UI) via multiple CWEs including path traversal and SSRF, enabling unauthorized data access, directly maps to T1190: Exploit Public-Facing Application.