Oracle E-Business Suite Bug Enables Hacker Data Access Without Login

A recent security alert issued by Oracle has raised concerns over a vulnerability in its E-Business Suite. The flaw, tracked as CVE-2025-61884, carries a CVSS base score of 7.5 (High). It affects E-Business Suite versions 12.2.3 through 12.2.14.
Vulnerability Details
The vulnerability allows unauthorized access to critical data through the Oracle Configurator component. According to the National Vulnerability Database (NVD), it is remotely exploitable over HTTP without any form of authentication.
- Vulnerability ID: CVE-2025-61884
- CVSS Score: 7.5 (High Severity)
- Affected Versions: 12.2.3 to 12.2.14
- Access Type: Remote, unauthenticated via HTTP
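The first thing a practitioner needs from this alert is a reliable answer to "which of my instances fall inside 12.2.3 through 12.2.14?". The following triage helper is an added example, not code from Oracle or from the original article; the inventory it scans is constructed sample data, and the hostnames in it are placeholders. It compares versions numerically rather than as strings (a string comparison puts "12.2.14" before "12.2.3" and would silently clear affected hosts), treats unparseable or incomplete versions as "needs review" instead of "not affected", and says nothing about whether the Configurator component is actually deployed or exposed on a given host, which the alert notes is what determines real-world exposure.

```python
# Added example: triage an E-Business Suite inventory against the affected
# version range stated in Oracle's alert for CVE-2025-61884.
from typing import Dict, List, Optional, Tuple

# Inclusive range from the alert: 12.2.3 through 12.2.14.
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '12.2.14' into (12, 2, 14).

    Returns None for anything that is not dotted integers, so a host whose
    version is unknown is surfaced for review rather than silently cleared.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the version is in the affected range, False if not,
    None if the version cannot be evaluated (unparseable or too short)."""
    parsed = parse_version(version)
    if parsed is None or len(parsed) < 3:
        return None
    # Compare only the first three components. A trailing sub-release
    # component (assumption: e.g. '12.2.14.1') does not move a host out of
    # the stated range, so it is ignored here.
    core = parsed[:3]
    return AFFECTED_MIN <= core <= AFFECTED_MAX


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket hosts into affected / not_affected / review, sorted for stable output."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_affected": [], "review": []}
    for host, version in inventory.items():
        result = is_affected(version)
        if result is None:
            buckets["review"].append(host)
        elif result:
            buckets["affected"].append(host)
        else:
            buckets["not_affected"].append(host)
    for hosts in buckets.values():
        hosts.sort()
    return buckets


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "ebs-prod-01": "12.2.14",   # upper bound of the range, affected
    "ebs-prod-02": "12.2.3",    # lower bound of the range, affected
    "ebs-uat-01": "12.2.10",    # affected; a string compare would get this wrong
    "ebs-dev-01": "12.2.2",     # just below the range
    "ebs-test-01": "12.1.3",    # older release line, outside the range
    "ebs-legacy-01": "unknown", # cannot be evaluated, needs a manual look
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Feed it whatever your CMDB or asset scanner exports for the E-Business Suite version field; anything landing in the "review" bucket deserves a hands-on check rather than being assumed safe.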
Potential Impact
If successfully exploited, the vulnerability gives an attacker access to all data reachable through the Oracle Configurator, without any credentials. Oracle has urged customers to address it promptly, although there have been no confirmed reports of active exploitation in the wild.
Rob Duhart, Oracle’s Chief Security Officer, noted that the vulnerability affects specific deployments of the E-Business Suite. He cautioned that it could be weaponized to gain access to sensitive resources.
Recent Attack Context
This alert comes in the wake of findings by the Google Threat Intelligence Group (GTIG) and Mandiant, which revealed that numerous organizations may have been targeted through a different E-Business Suite vulnerability, CVE-2025-61882. That earlier flaw was exploited through several payload chains that deployed multiple malware families, including GOLDVEIN.JAVA and SAGEWAVE.
While the attacks have not been officially attributed to a specific group, there are indications of involvement by actors linked to the Cl0p ransomware operation. Organizations running Oracle E-Business Suite should prioritize applying the security updates for both vulnerabilities to mitigate these risks.