Oracle has issued a warning about a new security flaw in its E-Business Suite (EBS), tracked as CVE-2025-61884, with a CVSS score of 7.5. This vulnerability is remotely exploitable without authentication via HTTP and targets Oracle Configurator, a module used within EBS. Review the details in this Cybersecurity Threat Advisory to help mitigate the effects of this vulnerability.

What is the threat?

The vulnerability poses a serious threat to enterprises running Oracle EBS, which supports essential functions including finance, manufacturing, and supply chain management. If exploited, the flaw could allow attackers to bypass authentication entirely and access sensitive data.

Why is it noteworthy?

The flaw resides in the Runtime UI of Oracle Configurator, which is used to manage product and service configurations. According to Oracle and NIST, successful exploitation could allow attackers to retrieve configuration or system data without credentials. Because it primarily impacts confidentiality, CVE-2025-61884 is considered a data exfiltration risk rather than a denial-of-service (DoS) vulnerability.

What is the exposure or risk?

The vulnerability affects Oracle EBS versions 12.2.3 through 12.2.14. It is network-accessible, low in complexity, and requires no user interaction or privileges, making it especially dangerous for internet-facing deployments. Attackers can exploit it remotely over HTTP without needing insider access or privilege escalation, putting critical enterprise data at risk.

What are the recommendations?

Barracuda recommends the following to mitigate the effects of this vulnerability:

  • Apply the latest patches to ensure all systems are up-to-date.
  • Migrate from unsupported or outdated versions and apply configuration hardening baselines to reduce exposure.
  • Perform frequent vulnerability scans, maintain secure offline backups, and update incident response plans to address enterprise resource planning (ERP) specific threats.

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.


Posted by Zachary Beaudet

Zachary is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Zachary supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
