On 11 October 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.
At the time of writing, Oracle has not indicated that this vulnerability has been exploited in the wild, and Arctic Wolf has not identified a publicly available proof-of-concept exploit. Given historical targeting and the recent Cl0p ransomware activity, threat actors are likely to express interest and attempt exploitation in the near future.
Recommendation CVE-2025-61884
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Versions | Fixed Version |
| --- | --- | --- |
| Oracle E-Business Suite | 12.2.3 – 12.2.14 | Patch Availability Document |
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.


