Oracle has released an emergency security patch to address a high-severity vulnerability, identified as CVE-2025-61884, in its E-Business Suite. The flaw, which has a CVSS score of 7.5, could allow an unauthenticated attacker with network access to compromise the Oracle Configurator, potentially leading to unauthorized access to critical data. This vulnerability affects Oracle E-Business Suite versions 12.2.3 through 12.2.14 and is considered easily exploitable. The issuance of this patch follows recent disclosures about the active exploitation of a separate critical vulnerability (CVE-2025-61882) in the E-Business Suite by hacking groups believed to be associated with the Cl0p ransomware gang. Oracle is urging customers to apply the new updates immediately to mitigate the risk of remote code execution and data theft.