CISA has identified a critical SSRF vulnerability in Oracle E-Business Suite, urging US government organizations to apply patches by November 10. Despite the urgency, Oracle has not confirmed active exploitation of the vulnerability, CVE-2025-61884.

Oracle has announced a high-severity vulnerability in its E-Business Suite, tracked as CVE-2025-61884, which allows remote, unauthenticated access to sensitive resources. This flaw has not yet been exploited in the wild, but it poses significant risks to corporate users.

Oracle has issued an emergency fix for a critical information disclosure vulnerability in its E-Business Suite, tracked as CVE-2025-61884. The flaw allows remote unauthenticated access to sensitive resources, raising concerns about potential exploitation by threat actors.