CVE-2025-61884
📊 7.5 HIGH⚡ 4.5%🎯 2 exploits🏛️ KEV Listed
📅 Published Oct 12, 2025
📋 Status: Analyzed
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | oracle | configurator | ≥ 12.2.3 ∧ ≤ 12.2.14 | Vulnerable | cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 12.2.3 ∧ ≤ 12.2.14
CPE:
cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
7.5 (HIGH)v3.1
Source: [email protected]
EPSS Details
4.5% (Minimal)88.6th percentile
Last updated: Oct 29, 2025
Exploitation probability within 30 days
Published Date
Oct 12, 2025 (19 days ago)
Last Modified
Oct 27, 2025 (4 days ago)
Security Weaknesses6
CWE-22CWE-93CWE-287+3
Available exploits (2)
References4
NVDadvisorygeneral+1