CVE-2025-61884
HIGHCVSS v3
7.5
HIGH
EPSS Score
41.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Technical Details
- Published
- 10/12/2025
Frequently Asked Questions
What is CVE-2025-61884?
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Is CVE-2025-61884 actively exploited?
Active exploitation of CVE-2025-61884 has not been confirmed. The EPSS score is 41.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-61884?
CVE-2025-61884 has a CVSS v3 base score of 7.5 (HIGH severity).
Is CVE-2025-61884 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.