Oracle has issued a security alert regarding a significant flaw in its E-Business Suite, which could enable unauthorized access to sensitive data. The vulnerability, designated as CVE-2025-61884, has a CVSS score of 7.5, indicating it is of high severity. This flaw affects several versions, specifically from 12.2.3 to 12.2.14.
According to the National Vulnerability Database, the vulnerability allows an unauthenticated attacker with network access via HTTP to exploit the Oracle Configurator, potentially leading to unauthorized access to critical data or complete access to all data accessible through Oracle Configurator.
Oracle emphasizes the need for immediate updates due to the flaw’s potential for remote exploitation without authentication. They have not reported any incidents of it being exploited in the wild as of now. However, Oracle’s Chief Security Officer, Rob Duhart, clarified that the vulnerability may affect specific deployments of the E-Business Suite and poses risks to sensitive resources.
This warning follows recent disclosures by the Google Threat Intelligence Group and Mandiant, which revealed attacks on numerous organizations that used a different zero-day vulnerability, CVE-2025-61882, in Oracle’s E-Business Suite software. These attacks reportedly utilized the vulnerability to deploy various malware families, potentially connected to a hacking group associated with the Cl0p ransomware gang.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.