Authentication Bypass in Oracle E-Business Suite Oracle Configurator Runtime UI
CVE-2025-61884 is an easily exploitable vulnerability in the Oracle Configurator Runtime UI component of Oracle E-Business Suite affecting supported versions 12.2.3 through 12.2.14. According to the provided content, the issue is a pre-authentication authentication bypass reachable over HTTP that allows a remote attacker with network access and no credentials to compromise Oracle Configurator and access sensitive data exposed through the Runtime UI. Publicly available details in the provided material do not identify the exact vulnerable function, endpoint, or code path. The documented impact is limited to confidentiality, with Oracle/NIST describing unauthorized access to critical data or complete access to all Oracle Configurator-accessible data.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
No valid public exploits. Mallory filtered out 5 candidates as fakes, detection scripts, or README-only repos.
All candidate exploits were filtered out by Mallory's validation.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
180 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An unauthenticated SSRF vulnerability in Oracle E-Business Suite that CISA flagged as actively exploited in the wild.
An Oracle E-Business Suite vulnerability associated with vulnerable SyncServlet endpoints and monitored for exploitation attempts.
An Oracle E-Business Suite web-application vulnerability associated with exploitation and post-compromise activity; discussed alongside CVE-2025-61882 in the Oracle E-Business Suite attack chain.
An Oracle vulnerability that CISA KEV’s knownRansomwareCampaignUse field silently flipped to Known during 2025 (evidence of ransomware campaign use).
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.