Critical Oracle Suite Flaw Actively Exploited; CISA Orders Urgent Patch

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers are actively exploiting a critical server-side request forgery (SSRF) vulnerability, CVE-2025-61884, in Oracle E-Business Suite’s Configurator runtime component. Federal agencies have been directed to patch this flaw by November 10, 2025, as it is now listed in CISA’s Known Exploited Vulnerabilities catalog.

CVE-2025-61884, which carries a severity rating of 7.5, allows attackers to gain unauthorized access to sensitive data or even full access to all Oracle Configurator data. The vulnerability was first disclosed by Oracle on October 11, 2025, but the company did not initially confirm exploitation, despite evidence that the exploit was leaked by threat actors ShinyHunters and Scattered Lapsus$ in July. The patch fixes the SSRF flaw by validating the attacker-supplied “return_url” parameter and blocking the request if validation fails.
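The kind of check the patch is described as performing (validate `return_url`, block on failure) can be sketched as a strict allowlist validator. This is an added example, not Oracle's patch code or anything from the original article; the host name, policy sets, sample DNS answers and the `resolve` hook are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values, constructed for this example.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"configurator.example.com"}
ALLOWED_PORTS = {None, 443}

def validate_return_url(url, resolve):
    """Return (ok, reason). `resolve` maps a hostname to a list of IP
    strings; it is injected so the check runs offline."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    # "https://trusted@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    host = (parts.hostname or "").rstrip(".")
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    # An allowlisted name must still not resolve to loopback, link-local
    # (cloud metadata) or private space.
    addresses = resolve(host)
    if not addresses:
        return False, "host did not resolve"
    for addr in addresses:
        if not ipaddress.ip_address(addr).is_global:
            return False, "resolves to non-public address"
    return True, "ok"

# Constructed DNS answers standing in for a real resolver.
SAMPLE_DNS = {"configurator.example.com": ["93.184.216.34"]}
REBOUND_DNS = {"configurator.example.com": ["127.0.0.1"]}

if __name__ == "__main__":
    for url in ("https://configurator.example.com/done",
                "http://configurator.example.com/done",
                "https://configurator.example.com@169.254.169.254/",
                "https://configurator.example.com.attacker.test/"):
        print(url, validate_return_url(url, lambda h: SAMPLE_DNS.get(h, [])))
    print(validate_return_url("https://configurator.example.com/done",
                              lambda h: REBOUND_DNS.get(h, [])))
```

A validator like this only helps if the component that makes the outbound request connects to the address that was checked, rather than resolving the name a second time.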

In early October, cybersecurity firm Mandiant disclosed that the Clop ransomware group had been extorting organizations using Oracle E-Business Suite zero-day flaws. Oracle responded by stating that Clop had exploited vulnerabilities patched in July. On October 3, ShinyHunters leaked an exploit for Oracle EBS, which was later linked t

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
