Oracle has issued a security alert regarding a new vulnerability in its E-Business Suite, which could potentially expose sensitive data to unauthorized access.
Oracle is facing scrutiny following the announcement of a new security flaw in its E-Business Suite (EBS), which the company warns could allow unauthorized access to sensitive data. This vulnerability, identified as CVE-2025-61884, has been assigned a high severity score of 7.5 on the Common Vulnerability Scoring System (CVSS) scale and affects versions 12.2.3 through 12.2.14 of the software.
The security alert comes shortly after Oracle’s lucrative partnership with OpenAI, which significantly boosted the wealth of co-founder Larry Ellison, briefly making him the richest person in the world, surpassing Elon Musk. The timing of this vulnerability raises concerns about the company’s security posture amidst its recent financial successes.
According to the National Institute of Standards and Technology’s National Vulnerability Database (NVD), the flaw is described as “easily exploitable,” allowing an unauthenticated attacker with network access via HTTP to compromise the Oracle Configurator. Successful exploitation of this vulnerability could lead to unauthorized access to critical data or even complete access to all data accessible through Oracle Configurator.
In a standalone alert, Oracle emphasized the importance of applying updates promptly, as the flaw is remotely exploitable without requiring any authentication. However, the company has not reported any instances of the vulnerability being exploited in the wild.
Oracle E-Business Suite is a comprehensive suite of enterprise applications that supports essential business functions, including finance, human resources, supply chain management, procurement, and manufacturing. Its modular architecture allows organizations to deploy only the components they need, providing integrated data and real-time visibility across various departments.
Originally designed for on-premises deployment, EBS can now be hosted on Oracle Cloud Infrastructure (OCI), offering organizations greater flexibility. However, it is important to note that this transition does not transform EBS into a cloud-native application like Oracle Fusion Cloud ERP; it remains the same application stack.
Known for its depth and customizability, EBS supports complex operations but requires careful management of its technology stack and custom code, particularly during upgrades or migrations to OCI. As of 2025, Oracle has extended Premier Support for EBS version 12.2 through at least 2036, allowing organizations to continue using the platform without being compelled to migrate. This support commitment applies only to version 12.2, while older versions, such as 12.1, are no longer under Premier Support.
While Oracle continues to deliver updates under its “continuous innovation” model, the focus of new innovations is increasingly shifting toward Fusion Cloud ERP, Oracle’s strategic cloud-native product. Despite this shift, EBS remains critical for many organizations, especially those with complex integrations or regulatory requirements. Oracle also offers tools to facilitate gradual cloud adoption.
The emergence of this security flaw may cast a shadow over Oracle’s recent achievements and raise questions about the company’s ability to manage security effectively. This incident highlights the complexities involved in maintaining a deeply customizable, on-premises platform like EBS. Even with Oracle’s substantial investments and partnerships, such as the one with OpenAI, the importance of robust security cannot be overstated.
Oracle’s commitment to extending Premier Support for EBS 12.2 through 2036 demonstrates its dedication to customers who rely on this platform. However, the company’s strategic focus is increasingly on its cloud-native Fusion Cloud ERP. For many enterprises, EBS continues to be vital, particularly where complex integrations and regulatory compliance are concerned.
As the threat landscape evolves and support models change, organizations that proactively align their IT strategies with Oracle’s future direction will be better positioned to manage risks, reduce technical debt, and unlock innovation at scale.

