The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle E-Business Suite vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation in the wild.
The security flaw, tracked as CVE-2025-61884, poses significant risks to organizations running the widely-deployed enterprise resource planning software.
CVE-2025-61884 is a server-side request forgery vulnerability affecting the Runtime component of Oracle Configurator within Oracle E-Business Suite.
The flaw can be exploited remotely by an unauthenticated attacker, making it particularly dangerous for exposed systems.
| CVE ID | Affected Product | Vulnerability Type |
| --- | --- | --- |
| CVE-2025-61884 | Oracle E-Business Suite (Runtime component of Oracle Configurator) | Server-Side Request Forgery (SSRF) |
Server-side request forgery attacks enable threat actors to manipulate the server into making unauthorized requests to internal or external resources, potentially exposing sensitive data or facilitating deeper network penetration.
The vulnerability is classified as CWE-918, the weakness class for SSRF, in which an application fails to properly validate a user-supplied URL before issuing a request to it.
Security researchers warn that attackers exploiting this flaw could bypass network access controls, interact with internal services, and potentially exfiltrate confidential information from backend systems.
The remote exploitability without authentication makes this vulnerability especially attractive to cybercriminals seeking easy entry points into corporate networks.
CISA added CVE-2025-61884 to the Known Exploited Vulnerabilities catalog on October 20, 2025, signaling confirmed active exploitation attempts.
Federal agencies operating Oracle E-Business Suite installations must apply security patches or implement vendor-recommended mitigations by November 10, 2025, according to Binding Operational Directive 22-01.
Organizations unable to remediate the vulnerability within the specified timeframe should discontinue using the affected product until proper protections can be implemented.
While CISA has not yet confirmed whether this vulnerability has been weaponized in ransomware campaigns, the unknown status emphasizes the need for caution.
Organizations should follow applicable BOD 22-01 guidance for cloud services and coordinate with Oracle to obtain the latest security updates addressing this critical flaw.
Security teams managing Oracle E-Business Suite deployments should immediately review their installations for exposure to CVE-2025-61884.
Priority actions include applying vendor-supplied patches, implementing network segmentation to limit potential SSRF exploitation, and monitoring for suspicious outbound requests from Oracle Configurator components.
Organizations should also conduct thorough security assessments to identify any indicators of compromise that may suggest prior exploitation attempts.
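One way to act on the "monitor for suspicious outbound requests" recommendation is to scan egress proxy or firewall logs for requests that originate from Oracle Configurator hosts and go to internal, link-local or cloud-metadata addresses, or to destinations outside an expected allowlist. The following is an added example, not code from the article or from Oracle; the log format, host names, allowlist and sample log lines are all constructed.

```python
"""Flag SSRF-like outbound requests from Oracle Configurator hosts in egress logs.
Added example: log format, host names and allowlist are constructed assumptions."""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit

# Hosts running the Oracle Configurator runtime (hypothetical inventory).
CONFIGURATOR_HOSTS = {"ebs-cfg-01", "ebs-cfg-02"}
# Destinations the component is expected to contact (hypothetical allowlist).
EXPECTED_DESTINATIONS = {"erp-db.corp.example", "updates.oracle.com"}

def destination_host(url: str) -> str:
    return urlsplit(url).hostname or ""

def is_internal_or_metadata(host: str) -> bool:
    """True for private, loopback or link-local targets (169.254.169.254 is
    the link-local cloud metadata endpoint) and well-known metadata names."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host in {"localhost", "metadata.google.internal"}
    return ip.is_private or ip.is_loopback or ip.is_link_local

def classify(line: str) -> Optional[str]:
    """Return a finding for a suspicious line, None otherwise.
    Constructed log format: '<timestamp> <src_host> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) != 5:
        return None  # malformed line, ignore
    ts, src, _method, url, _status = parts
    if src not in CONFIGURATOR_HOSTS:
        return None  # only the Configurator hosts are in scope here
    host = destination_host(url)
    if is_internal_or_metadata(host):
        return f"{ts} {src}: request to internal/metadata target {url}"
    if host not in EXPECTED_DESTINATIONS:
        return f"{ts} {src}: request to unexpected destination {url}"
    return None

def scan(lines) -> list:
    return [f for f in (classify(line) for line in lines) if f]

# Constructed sample egress log; none of this is real traffic.
SAMPLE_LOG = [
    "2025-10-21T09:00:01Z ebs-cfg-01 GET https://erp-db.corp.example/health 200",
    "2025-10-21T09:00:07Z ebs-cfg-01 GET http://169.254.169.254/latest/meta-data/ 200",
    "2025-10-21T09:00:09Z ebs-cfg-02 GET http://10.0.5.12:8080/admin 403",
    "2025-10-21T09:00:12Z ebs-cfg-02 POST https://unknown-host.example/collect 200",
    "2025-10-21T09:00:15Z web-frontend-01 GET https://cdn.example.com/app.js 200",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The allowlist approach surfaces both classic SSRF pivots (internal services, metadata endpoints) and data-exfiltration-style requests to unknown external hosts; tune the allowlist from a baseline of normal Configurator traffic before alerting on it.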
The addition of this vulnerability to CISA’s catalog underscores the critical importance of maintaining current patch levels for enterprise applications and implementing defense-in-depth strategies to protect against emerging threats.