CVE-2025-61884: Novel Oracle E-Business Suite Vulnerability Enables Remote Theft of Sensitive Data Without Login
Following the recent disclosure of the zero-day remote code execution vulnerability CVE-2025-61882 in Oracle E-Business Suite (EBS), the vendor has reported another major security flaw in the same product. The new vulnerability, tracked as CVE-2025-61884, can be successfully exploited to gain unauthorized access to critical data or full access to all data accessible through the Oracle Configurator.
The year 2025 has seen a record surge in reported software vulnerabilities, with over 21,000 CVEs disclosed in H1’25, averaging approximately 133 new flaws every day. Alarmingly, more than one-third of these vulnerabilities are rated as High Severity or Critical, highlighting an increased risk of exploitation and underscoring the urgent need for robust cybersecurity measures.
Sign up for the SOC Prime Platform to access the global active threats feed, which offers real-time cyber threat intelligence and curated detection algorithms to address emerging threats. All the rules are compatible with multiple SIEM, EDR, and Data Lake formats and mapped to the MITRE ATT&CK® framework. Additionally, each rule is enriched with CTI links, attack timelines, audit configurations, triage recommendations, and more relevant context. Press the Explore Detections button to see the entire detection stack for proactive defense against critical vulnerabilities filtered by the “CVE” tag.
Security engineers can also leverage Uncoder AI, an IDE and co-pilot for detection engineering. With Uncoder, defenders can instantly convert IOCs into custom hunting queries, craft detection code from raw threat reports, generate Attack Flow diagrams, enable ATT&CK tags prediction, leverage AI-driven query optimization, and translate detection content across multiple platforms.
CVE-2025-61884 Analysis
Oracle has recently issued a security advisory warning of a newly discovered vulnerability in its Configurator product of E-Business Suite, which could enable unauthorized access to sensitive information. The flaw, identified as CVE-2025-61884, has been assigned a CVSS score of 7.5, marking it as critical. The vulnerability affects some deployments of E-Business Suite, including versions 12.2.3 through 12.2.14. The issue is easily exploitable and allows an unauthenticated remote attacker with HTTP network access to compromise Oracle Configurator. Upon CVE-2025-61884 successful exploitation, this could lead to unauthorized access to critical or complete configuration data.
This disclosure follows recent reports from Google’s Threat Intelligence Group (GTIG) and Mandiant, which revealed that dozens of organizations may have been affected by zero-day attacks exploiting CVE-2025-61882 in Oracle’s E-Business Suite. Notably, the newly uncovered CVE-2025-61884 impacts the same EBS versions as CVE-2025-61882.
Although there is currently no evidence of CVE-2025-61884 being used in in-the-wild attacks, an Oracle customer has already reported that an earlier release, version 12.1.3, is also potentially at risk of exposure. Further updates to the patch availability documentation may be issued in the coming days. The vendor emphasized that the vulnerability is remotely exploitable without authentication, urging customers to apply the security patch immediately as CVE-2025-61884 mitigation measures.
Given the growing threat of vulnerability exploitation in widely used software such as Oracle EBS, organizations are seeking effective methods to strengthen their proactive security posture and stay one step ahead of adversaries. SOC Prime curates a complete product suite for enterprise-ready security backed by AI, automation, and real-time threat intelligence, helping global organizations outscale cyber threats they anticipate most.
