CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog.
BleepingComputer previously reported that CVE-2025-61884 is an unauthenticated server-side request forgery (SSRF) vulnerability in the Oracle Configurator runtime component, which was linked to a leaked exploit used in July attacks.
However, investigations by CrowdStrike and Mandiant revealed that Oracle EBS had been targeted in two different campaigns:
- July campaign: Used an exploit that targeted an SSRF flaw in the endpoint, which is now confirmed as CVE-2025-61884.
- August campaign: Used a different exploit against the endpoint; that flaw was fixed under CVE-2025-61882 through mod_security rules that block the endpoint and by stubbing out the SYNCSERVLET class. Exploitation of this flaw is attributed to Clop.
To read the complete article, see Bleeping Computer.
This post is licensed under CC BY 4.0 by the author.