Oracle on Saturday issued a security alert warning of new security flaws affecting its E-Business Suite that could potentially allow unauthorized access to sensitive data.
Vulnerabilities are tracked as follows CVE-2025-61884the CVSS score is 7.5, indicating high severity. Affected versions are 12.2.3 to 12.2.14.
“Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator,” according to the flaw description in NIST’s National Vulnerability Database (NVD). “Successful attacks of this vulnerability could result in unauthorized access to critical data or complete access to all data accessible by Oracle Configurator.”
Oracle said in a separate warning that the flaw can be exploited remotely with no authentication required and it is important for users to apply the update as soon as possible. However, the company did not mention that it was actually being exploited.
Rob Duhart, Oracle’s chief security officer, said the vulnerability affects “some deployments” of E-Business Suite and could be weaponized to gain access to sensitive resources.
This development comes on the heels of Google Threat Intelligence Group (GTIG) and Mandiant revealing that dozens of organizations may have been affected by a zero-day exploit of CVE-2025-61882 in Oracle’s E-Business Suite (EBS) software.
This attack is known to leverage this vulnerability to trigger two different payload chains to drop malware families including GOLDVEIN.JAVA, SAGEGIFT, SAGELEAF, and SAGEWAVE.
The tech giant did not explicitly attribute this activity to any specific named attacker or group, but the attackers are believed to be orchestrated by a group of hackers with ties to the Cl0p ransomware group.
