The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are actively exploiting a serious vulnerability in Oracle’s E-Business Suite. The flaw, identified as CVE-2025-61884, is a Server-Side Request Forgery (SSRF) bug found in the Oracle Configurator component. It allows attackers to send unauthorized requests to internal systems. CISA has now added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, confirming that real-world attacks are underway.

This vulnerability affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. What makes it especially dangerous is that hackers can exploit it remotely, without needing any login credentials. The bug lies in the Runtime UI of the Oracle Configurator, which can be accessed over a network. This means even external attackers could potentially reach sensitive systems if patches are not applied quickly.

According to official reports, the flaw has been rated with a CVSS score of 7.5, which marks it as a high-severity issue. Successful exploitation could allow attackers to access or steal important business data handled by the Oracle Configurator. In some cases, they could even gain complete control over information processed by the system. The combination of easy exploitability and potential data exposure makes it a critical security concern.

CISA added this vulnerability to its KEV catalog on October 20, 2025, which means it is confirmed to be used in active attacks. The agency has instructed federal agencies to fix the flaw before November 10, 2025. When a vulnerability appears on the KEV list, U.S. federal civilian agencies are required to remediate it by the deadline CISA sets. CISA also strongly advises all other organizations to follow the same urgency.

Oracle had already released a security alert on October 11, 2025, warning customers about the issue. The company provided official patches for all affected product versions and urged users to apply them without delay. Oracle stated that the vulnerability could be exploited to send malicious requests through the Configurator, leading to unauthorized access or data leaks. Organizations that delay updates remain highly exposed.

Cybersecurity researchers have observed that threat actors have been using this vulnerability in data theft and extortion campaigns. Several attacks have been traced back to groups targeting Oracle E-Business Suite servers. These attacks focus on exploiting SSRF flaws to gain access to corporate systems and exfiltrate confidential information. Once data is stolen, attackers often threaten to leak it publicly unless victims pay a ransom.

Experts warn that because this flaw can be exploited remotely and without authentication, it represents a major risk for any unpatched Oracle E-Business Suite installation. Businesses relying on this software for financial or operational processes are especially at risk. Attackers can use the SSRF flaw to move deeper into the network, steal data, or disrupt business operations. The longer organizations wait, the greater the chance of compromise.

To stay safe, all users of Oracle E-Business Suite should immediately apply the patches released by Oracle. They should also restrict external network access to administrative interfaces and check their systems for suspicious activity. Reviewing server logs for unusual traffic or unauthorized requests may reveal early signs of exploitation. Acting quickly and following Oracle and CISA’s guidance can prevent serious damage and protect valuable data from being exposed.
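The log review and network-exposure checks recommended above can be partly automated. The script below is an added example written for this article; it is not code from Oracle, CISA or the article's author. It scans web-server access logs in the common "combined" format for two defensive signals: requests to the exposed component that arrive from outside the organisation's own address ranges (evidence the interface is reachable externally), and requests whose query parameters name a loopback, private or link-local host, which is the shape an SSRF attempt takes in a log. The path prefix, trusted address range and log lines are constructed placeholders; the real Configurator runtime UI path is not given in the article and must be substituted from your own deployment.

```python
"""Flag access-log requests to an exposed component that look like SSRF
attempts or that come from outside the organisation's trusted ranges.
Example code; paths, ranges and log lines below are constructed."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Placeholder: the article does not give the real Configurator UI path.
WATCHED_PATH_PREFIX = "/example-configurator-ui/"

# Constructed: address space the organisation considers its own.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Apache/nginx "combined" log line: src ident user [ts] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (TEST-NET addresses stand in for the internet).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Oct/2025:10:15:01 +0000] "GET /example-configurator-ui/start?returnUrl=http://10.0.0.5:8080/admin HTTP/1.1" 200 512',
    '198.51.100.23 - - [20/Oct/2025:10:15:03 +0000] "GET /example-configurator-ui/start?model=A100 HTTP/1.1" 200 2048',
    '10.20.30.40 - - [20/Oct/2025:10:16:10 +0000] "GET /example-configurator-ui/start?model=A100 HTTP/1.1" 200 2048',
    '10.20.30.41 - - [20/Oct/2025:10:17:00 +0000] "GET /example-configurator-ui/fetch?url=http://127.0.0.1/ HTTP/1.1" 500 0',
    '203.0.113.9 - - [20/Oct/2025:10:18:00 +0000] "GET /other-app/page HTTP/1.1" 200 100',
    '10.20.30.42 - - [20/Oct/2025:10:19:30 +0000] "GET /example-configurator-ui/fetch?url=http%3A%2F%2Flocalhost%3A7001%2F HTTP/1.1" 500 0',
]


def _is_internal_host(host):
    """True for 'localhost' or a literal loopback/private/link-local address.
    Other hostnames are left alone: resolving them from a log analyser would
    itself be an unnecessary network round-trip."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_private or addr.is_link_local


def _internal_targets_in_query(query):
    """Hosts named in query values (URLs or bare literals) that point inward.
    parse_qs percent-decodes values, so encoded URLs are caught too."""
    hits = []
    for values in parse_qs(query, keep_blank_values=True).values():
        for value in values:
            host = urlsplit(value).hostname if "://" in value else value
            if _is_internal_host(host):
                hits.append(host)
    return hits


def _is_trusted_source(src, trusted_nets):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in trusted_nets)


def analyze(lines, trusted_nets=TRUSTED_NETS, watched_prefix=WATCHED_PATH_PREFIX):
    """Return one finding per request to the watched path that is either
    externally sourced or carries an internal host in its query string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.startswith(watched_prefix):
            continue
        reasons = []
        if not _is_trusted_source(m.group("src"), trusted_nets):
            reasons.append("request from outside trusted ranges")
        for host in _internal_targets_in_query(parts.query):
            reasons.append("query names internal host " + host)
        if reasons:
            findings.append({"line": lineno, "source": m.group("src"),
                             "status": m.group("status"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f['line']}: {f['source']} status {f['status']} -> "
              + "; ".join(f["reasons"]))
```

A hit on the "outside trusted ranges" signal alone says the interface is reachable from the internet, which is the exposure the article says to remove; a hit on the internal-host signal, from any source, is what to take to incident response together with the server's own outbound connection records for the same timestamps.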

Stay alert, and keep your security measures updated!
