CVE-2025-61884: Oracle E-Business Suite Server-Side Request Forgery (SSRF)
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability. Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
- CISA KEV-listed (remediation due 2025-11-10)
- used in ransomware campaigns
- EPSS 51.1% (97.9% percentile)