PT-2025-41705 · Oracle · Oracle Configurator

Published: 2025-10-11 · Updated: 2026-03-09 · CVE-2025-61884

CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.14

Description: A remotely exploitable Server-Side Request Forgery (SSRF) vulnerability exists in the Oracle Configurator component of Oracle E-Business Suite. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful exploitation can lead to unauthorized access to critical data or to complete exposure of all data accessible via Oracle Configurator. The vulnerability is actively exploited in the wild: threat actors, including those linked to the Cl0p ransomware group and ShinyHunters, have been observed leveraging it for malicious purposes. Reports indicate that over 18,000 instances are exposed globally, with a significant concentration in the U.S., China, and India. Exploitation has been observed in data breaches, such as the incident affecting The Washington Post, in which personal and financial data of approximately 10,000 individuals was compromised.

Recommendations: Apply the security updates provided by Oracle as soon as possible for all affected versions.

Tags: Exploit · Fix · RCE · HTTP Request/Response Smuggling · Improper Authentication · Improper Authorization · Path traversal · SSRF

Related Identifiers: BDU:2025-12935, CVE-2025-61884

Affected Products: Oracle Configurator