CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. [...]
Oracle develops databases, cloud services, and business software; vulnerabilities in these products can expose sensitive data and systems.
Search across headline titles and summaries.
Background for this topic.
Oracle is an enterprise technology ecosystem best known in security contexts for Oracle Database, along with Java, application servers, business applications, and cloud services. These products often process sensitive business and personal data, so the tag commonly covers vulnerabilities, insecure configurations, and security updates affecting Oracle software and its integrations.
Material risks include exposed database listeners or management interfaces, excessive privileges, weak authentication, SQL injection, and vulnerable components that may permit unauthorized queries or code execution. Practitioners should inventory Oracle versions and dependencies, apply relevant security updates through controlled testing, restrict network access, enforce least privilege and encryption, and monitor database activity. Advisories should be assessed against the exact product and release, exploit prerequisites, and available mitigations; unsupported versions may remain exposed to known flaws.
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues.