The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities ( KEV ) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.
The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator that could allow attackers unauthorized access to critical data.
"This vulnerability is remotely exploitable without authentication," CISA said.
CVE-2025-61884 is the second flaw in Oracle EBS to be actively exploited along with CVE-2025-61882 (CVSS score: 9.8), a critical bug that could permit
Local News in Pennsylvania
Associated Press US News
ABC6 Rhode Island
FOX 10 Phoenix Crime
FOX 13 Seattle Crime
Law & Crime
FOX5 Vegas Crime
WTOC 11
ABC30 Fresno Sports