Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 10, 2025

High
CISA KEVRansomware

CVE-2025-61884

OracleE-Business Suite

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

Required Action

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Known
Published
Oct 20, 2025
KEV Added
Oct 20, 2025
Due Date
Nov 10, 2025
Related Articles
0

Vendor

Oracle

E-Business Suite