CVE-2025-61884: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

CVE ID

CVE-2025-61884

Vulnerability Name

Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

• Project: Oracle
• Product: E-Business Suite

Date

• Date Added: 2025-10-20
• Due Date: 2025-11-10

Description

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884

Related Security News

• CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
• Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List