Oracle has issued a security alert about a newly discovered vulnerability in its widely used Oracle E-Business Suite (EBS). The flaw, identified as CVE-2025-61884, is rated high severity with a CVSS score of 7.5 and could allow hackers to access sensitive business data without needing a username or password.
This security issue affects Oracle E-Business Suite versions 12.2.3 through 12.2.14, which are commonly used by organizations worldwide for financials, supply chain management, HR, manufacturing, and CRM operations.
According to the National Vulnerability Database (NVD), the flaw lies in the Oracle Configurator module, a tool used by companies to manage complex product configurations. The vulnerability is categorized as “easily exploitable” and can be abused over the network through HTTP, meaning attackers can launch attacks remotely using just a web browser or crafted malicious requests.
The NVD explains that successful exploitation of this flaw could lead to:
Unauthorized access to critical business data
Possible exposure of financial records, customer information, and internal configurations
Complete access to Oracle Configurator data without authentication
In simple terms, this means a cybercriminal could bypass security checks and access confidential information from affected Oracle EBS systems even if they do not have valid login credentials.
Oracle published an emergency security alert urging all Oracle E-Business Suite customers to apply the latest security patch immediately. The company warned that the vulnerability is remotely exploitable and requires no authentication, making it extremely dangerous for businesses that expose their EBS applications to employees, partners, or customers over the internet.
Oracle stated that while there is no official confirmation yet of active exploitation in the wild, the company recommends strong precaution due to the nature of the flaw.
Rob Duhart, Oracle’s Chief Security Officer, confirmed that the issue affects “some deployments of Oracle E-Business Suite” and could allow attackers to access sensitive business systems without permission.
This new vulnerability is especially concerning because it comes just weeks after another critical flaw, CVE-2025-61882, was exploited as a zero-day vulnerability in Oracle E-Business Suite. That earlier flaw allowed hackers to infiltrate corporate systems before a patch was available.
Cybersecurity teams from Google Threat Intelligence Group (GTIG) and Mandiant released a joint report revealing that dozens of organizations worldwide were already targeted using CVE-2025-61882. Attackers used that exploit to deploy malware payloads such as:
GOLDVEIN.JAVA
SAGEGIFT
SAGELEAF
SAGEWAVE
Although the threat actors have not yet been officially identified, early analysis suggests they may be linked to a known cybercrime group connected to Cl0p ransomware operations.
Oracle E-Business Suite powers mission-critical business operations in large enterprises, banks, manufacturing firms, and government agencies. It contains financial data, payroll records, supplier contracts, and strategic planning documents—extremely valuable information for cybercriminals.
Hackers often target Oracle EBS environments because:
| Reason | Risk Level |
|---|---|
| Contains sensitive corporate data | Very High |
| Accessible through web interfaces | High |
| Legacy systems often unpatched | High |
| Used by global Fortune 500 companies | Critical |
| Complex deployments delay patching | High |
Cybersecurity experts strongly recommend that organizations using Oracle EBS act now to prevent potential breaches.
Immediate Security Actions
Apply Oracle’s emergency patch for CVE-2025-61884
Restrict external access to Oracle EBS via firewall rules
Enable network monitoring for unusual HTTP activity
Disable public access to Oracle Configurator if not required
Review user access and security configuration policies
Conduct vulnerability scans on Oracle environments
Enable Web Application Firewall (WAF) protection
Security professionals have expressed concern that Oracle EBS vulnerabilities are becoming a popular attack route for cybercriminals.
According to Mandiant analysts:
“Oracle EBS is a goldmine for attackers. Any vulnerability that can be exploited remotely without authentication must be treated as a critical priority.”
GTIG researchers added:
“The exploitation pattern we are tracking shows professional coordination, likely driven by financially motivated cybercrime operators.”
This latest Oracle vulnerability highlights the growing risk facing enterprise ERP systems. Even though Oracle has released a fix, companies that delay patching remain at high risk of financial loss, data breaches, or ransomware attacks.
With the earlier CVE-2025-61882 already exploited, it is possible that CVE-2025-61884 could be added to the same attack toolkit used by advanced threat actors.
Businesses using Oracle E-Business Suite should take immediate action to protect their data and systems before attackers take advantage of this critical vulnerability.
Interesting Article : CVE-2025-11371 Under Attack: Gladinet and TrioFox Servers Exploited in the Wild