⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2025-11-10.
Severity: 7.5 HIGH (NVD)
EPSS: 60.8% (top 1.70%)
CISA KEV: listed, ransomware use known; added 2025-10-20, due 2025-11-10
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 12; KEV added Oct 20; Latest update Oct 21; KEV due Nov 10

Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Ve

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2)

Source      Package                                  Affected versions
NVD         oracle/configurator                      12.2.3 through 12.2.14
CVEListV5   oracle_corporation/oracle_configurator   12.2.3 through 12.2.14

🔴 Vulnerability Details (3)

GHSA: GHSA-rcj9-qvh8-q3c8: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI) (2025-10-12)
CVEList: CVE-2025-61884: Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI) (2025-10-12)
VulnCheck: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability (2025)

💥 Exploits & PoCs (1)

Nuclei: Oracle E-Business Suite - Server-Side Request Forgery

🔍 Detection Rules (4)

Suricata: ET WEB_SERVER Oracle E-Business Suite (EBS) Authentication Filter Bypass (apps.example.com) (CVE-2025-61884) (2025-10-08)
Suricata: ET WEB_SERVER Oracle E-Business Suite (EBS) XSL Transformation Outbound Fetch (CVE-2025-61884) (2025-10-08)
Suricata: ET WEB_SERVER Oracle E-Business Suite (EBS) Unauthenticated Server-Side Request Forgery (CVE-2025-61884) (2025-10-08)
Suricata: ET WEB_SERVER Oracle E-Business Suite (EBS) CRLF Injection (CVE-2025-61884) (2025-10-08)

📋 Vendor Advisories (1)

CISA: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability (2025-10-20)

🕵️ Threat Intelligence (4)

Bleepingcomputer: CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw (2025-10-21)
Bleepingcomputer: Oracle silently fixes zero-day exploit leaked by ShinyHunters (2025-10-14)
Bleepingcomputer: Oracle releases emergency patch for new E-Business Suite flaw (2025-10-13)
Tenable: CVE-2025-61882 Cl0p Exploited Oracle Zero-Day | Tenable® (2025-10-05)
CVE-2025-61884 — Path Traversal | cvebase