CISA warns about the active exploitation of the Oracle E-Business Suite vulnerability CVE-2025-61884, urging immediate patching. The vulnerability's exploitation has been linked to attacks by threat groups such as Clop, with previous leaks by ShinyHunters and Lapsus$ impacting organizations. #CVE-2025-61884 #ShinyHunters #Clop
Keypoints
- CISA has added CVE-2025-61884 to its Known Exploited Vulnerabilities catalog, requiring patching by November 10, 2025.
- The flaw is an unauthenticated SSRF vulnerability in Oracle Configurator, rated 7.5 in severity.
- Threat actors, including Clop, have exploited previous vulnerabilities in Oracle E-Business Suite for data theft and extortion.
- Oracle's patch addresses the flaw by validating attacker-supplied return_url parameters using regular expressions.
- Confusion remains over the IOC listing for CVE-2025-61882 and CVE-2025-61884, with Oracle not clarifying the exploitation status.
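
The keypoint on validating `return_url` with regular expressions can be illustrated with a short sketch. This is an added example, not Oracle's patch and not code from the original page. It contrasts an unanchored pattern with an anchored one that is cross-checked against a URL parser. The allowed host, function names and sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host the application should ever be sent back to.
ALLOWED_HOSTS = {"apps.example.com"}

# Weak form: unanchored search, so the trusted name may appear anywhere.
NAIVE_RE = re.compile(r"https://apps\.example\.com")

# Anchored form: https only, host[:port], optional path/query/fragment made
# of printable ASCII. No userinfo ('@' before the path), no whitespace/CRLF.
RETURN_URL_RE = re.compile(
    r"\Ahttps://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?"
    r"(?:[/?#][\x21-\x7e]*)?\Z"
)

def naive_check(value: str) -> bool:
    """The fragile check: passes if the trusted prefix occurs anywhere."""
    return NAIVE_RE.search(value) is not None

def is_safe_return_url(value: str) -> bool:
    """Anchored regex, host allowlist, then agreement with a real parser."""
    m = RETURN_URL_RE.match(value)
    if m is None:
        return False
    host = m.group("host").lower()
    if host not in ALLOWED_HOSTS:
        return False
    if m.group("port") is not None and int(m.group("port")) != 443:
        return False
    # The regex and the URL parser must agree on which host is addressed.
    parts = urlsplit(value)
    return (parts.scheme == "https" and parts.hostname == host
            and parts.username is None)

# Constructed sample values, not taken from any real request.
SAMPLES = [
    "https://apps.example.com/return?id=1",
    "https://APPS.example.com/",
    "http://apps.example.com/",
    "https://apps.example.com.other.test/",
    "https://apps.example.com@10.0.0.5/",
    "https://127.0.0.1/",
    "https://apps.example.com:8443/",
    "https://apps.example.com/ok\r\nX-Injected: 1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} naive={naive_check(s)} strict={is_safe_return_url(s)}")
```

The unanchored pattern accepts the lookalike-host and userinfo samples that the anchored check rejects, which is why a regex fix for this class of flaw needs anchoring and an explicit host comparison.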