
"However, Oracle itself has not yet confirmed the exploitation. Oracle published CVE-2025-61884, a server-side request forgery (SSRF) vulnerability in the Oracle Configurator runtime component, on October 11. The bug received a CVSS score of 7.5 and does not require authentication to exploit. According to the company, attackers can use this vulnerability to gain "unauthorized access to critical data or full access to all Oracle Configurator data.""
"Research by CrowdStrike and Mandiant has revealed that there have been two separate waves of attacks, BleepingComputer reports. In July, criminals targeted an SSRF vulnerability in the "/configurator/UiServlet" endpoint, which has now been confirmed as CVE-2025-61884. A month later, a second campaign targeted the "/OA_HTML/SyncServlet" endpoint, which Oracle has patched as CVE-2025-61882. This latter vulnerability is attributed to the Clop ransomware group. In early October, Clop sent threatening emails to several companies claiming to have stolen data from Oracle E-Business Suite environments via zero-day vulnerabilities."
An unauthenticated SSRF vulnerability, CVE-2025-61884, affects the Oracle Configurator runtime component and carries a CVSS score of 7.5, potentially enabling unauthorized or full access to Configurator data. CISA listed the vulnerability as actively exploited and required US government agencies to install patches by November 10, 2025. Security firms identified two distinct attack waves: July exploitation of the "/configurator/UiServlet" endpoint tied to CVE-2025-61884 and a subsequent campaign against the "/OA_HTML/SyncServlet" endpoint patched as CVE-2025-61882. The Clop ransomware group has been associated with the latter campaign, and proof-of-concept material was leaked on Telegram.
Read at Techzine Global