Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Active Exploitation of High Severity Vulnerability in Oracle E-Business Suite

24 October 2025

Oracle has released security updates to address a high severity vulnerability (CVE‑2025‑61884) in the Oracle Configurator product of its E‑Business Suite.

Background

Oracle has released security updates to address a high severity vulnerability (CVE‑2025‑61884) in the Oracle Configurator product of its E‑Business Suite.

Impact

Successful exploitation of the server side request forgery (SSRF) vulnerability could allow a remote, unauthenticated attacker to access sensitive resources.

Known Exploitation

The proof-of-concept exploit is reportedly publicly available.

Affected Products

The vulnerability affects Oracle E‑Business Suite versions 12.2.3 through 12.2.14.

Mitigation

Users and administrators of the affected product versions are strongly advised to update to the latest versions immediately.

References

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

https://nvd.nist.gov/vuln/detail/CVE-2025-61884

https://www.bleepingcomputer.com/news/security/oracle-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/

Back to top