New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Retrieved on: 2025-10-12 17:29:10

Tags for this article:

Computer security

Vulnerability database

Common Vulnerability Scoring System

National Vulnerability Database

Vulnerability

Common Vulnerabilities and Exposures

Zero-day vulnerability

Oracle Corporation

Oracle

Click the tags to see associated articles and topics

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login. View article details on hiswai:

Summary

Oracle security experts have issued an urgent alert for a critical vulnerability in the company's E-Business Suite that could expose sensitive data to unauthorized access.

The newly discovered flaw, designated CVE-2025-61884, affects Oracle E-Business Suite versions 12.2.3 through 12.2.14 with a high-severity CVSS score of 7.5. This vulnerability allows unauthenticated attackers to remotely compromise Oracle Configurator through network access via HTTP, potentially gaining complete access to all accessible data. The timing is particularly concerning as it follows recent zero-day exploitations of another Oracle vulnerability that impacted dozens of organizations.

High-severity vulnerability with CVSS score of 7.5 affects multiple E-Business Suite versions
No authentication required for remote exploitation, making immediate patching crucial
Complete data access possible through successful attacks on Oracle Configurator
Recent attack context follows zero-day exploitations linked to Cl0p ransomware group

Article found on: thehackernews.com

View Original Article