Market Impact: 0.6

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)

ORCL
Technology & Innovation, Cybersecurity & Data Privacy

Oracle has disclosed a new, easily exploitable vulnerability (CVE-2025-61884) in its E-Business Suite (EBS) Configurator, affecting versions 12.2.3 through 12.2.14 and potentially 12.1.3. This flaw allows unauthenticated attackers remote HTTP access to critical data, posing significant data security risks for companies utilizing EBS, especially given a previous, related vulnerability (CVE-2025-61882) that led to data theft and extortion. Oracle urges customers to apply immediate updates to mitigate potential breaches and operational disruptions.

Analysis

Oracle (ORCL) has disclosed a new, easily exploitable vulnerability, CVE-2025-61884, within the Runtime user interface of its E-Business Suite (EBS) Configurator product. This flaw affects EBS versions 12.2.3 through 12.2.14, and potentially 12.1.3, allowing unauthenticated attackers network access via HTTP to compromise the Configurator. Successful exploitation can lead to unauthorized access to critical or complete data within the Oracle Configurator, posing significant data security risks. The vulnerability's severity is heightened by its "easily exploitable" nature and the potential for critical data compromise, as confirmed by Oracle Security's CIS Rob Duhart. This follows a previous, related vulnerability (CVE-2025-61882) which led to data theft and extortion of EBS customers, with exploit scripts for that flaw already leaked. Security researchers anticipate further attacks, suggesting a persistent threat landscape for Oracle EBS users. Oracle "strongly recommends" customers apply immediate updates or mitigations, although it has not confirmed if CVE-2025-61884 is currently under active attack.

The strongly negative sentiment (-0.75 general, -0.8 for ORCL) surrounding this disclosure indicates investor concern regarding potential reputational damage, customer churn, and increased cybersecurity remediation costs for Oracle. While the market impact score is 0.6, this likely reflects the *likelihood* of market reaction rather than a positive directional impact, given the negative nature of the news.

Market Sentiment

Overall Sentiment

strongly negative

Sentiment Score

-0.75

Ticker Sentiment

ORCL: -0.80

Key Decisions for Investors

  • Investors should closely monitor Oracle's (ORCL) progress in providing and ensuring customer adoption of patches for CVE-2025-61884, as effective mitigation is crucial for limiting financial and reputational damage.
  • Evaluate the potential for increased cybersecurity-related expenses for Oracle, both in remediation and in future product development, which could impact profitability.
  • Hedge fund managers with portfolio companies heavily reliant on Oracle EBS should assess their exposure to this vulnerability and the operational risks associated with potential data breaches or service disruptions.