← Retour aux CVEs
CVE-2025-61884
HIGHCISA KEV7.5
Description
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Details CVE
Score CVSS v3.17.5
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/12/2025
Derniere modification10/27/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurOracle
ProduitE-Business Suite
Nom vulnerabiliteOracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
Date ajout KEV2025-10-20
Date limite remediation2025-11-10
Utilise dans ransomwareKnown
Produits affectes
oracle:configurator
Faiblesses (CWE)
CWE-22CWE-93CWE-287CWE-444CWE-501CWE-918
References
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html(secalert_us@oracle.com)
https://blogs.oracle.com/security/post/apply-july-2025-cpu(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.