CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

Description

Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.

How to fix CVE-2025-61884

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-61884 being exploited?

Yes — CVE-2025-61884 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.