It looks like Larry Ellison’s company is in trouble. Oracle issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data.
This flaw comes close on the heels of Oracle’s lucrative deal with OpenAI that added billions to Ellison’s wealth and made him briefly overtake Elon Musk as the richest man in the world. The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14.
“Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator,” according to a description of the flaw in the NIST’s National Vulnerability Database (NVD). “Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data.”
READ: OpenAI buys iPhone designer John Ive’s startup io (
In a standalone alert, Oracle said the flaw is remotely exploitable without requiring any authentication, making it crucial that users apply the update as soon as possible. The company, however, makes no mention of it being exploited in the wild.
Oracle E-Business Suite (EBS) is a comprehensive suite of enterprise applications that supports key business functions such as finance, HR, supply chain, procurement, and manufacturing. Its modular architecture allows organizations to deploy only the components they need, with the benefit of integrated data and real-time visibility across departments.
Originally designed for on-premises deployment, EBS can now be hosted on Oracle Cloud Infrastructure (OCI), offering infrastructure flexibility. However, this does not convert EBS into a cloud-native application like Oracle Fusion Cloud ERP; it remains the same application stack.
Known for its depth and customizability, EBS supports complex operations but requires careful management of its technology stack and custom code, especially when upgrading or moving to OCI.
As of 2025, Oracle has extended Premier Support for EBS 12.2 through at least 2036, enabling organizations to continue using the platform without being forced to migrate. This commitment applies only to version 12.2; older versions like 12.1 are no longer under Premier Support. While Oracle continues to deliver updates under its “continuous innovation” model, new innovations are increasingly focused on Fusion Cloud ERP, Oracle’s strategic cloud-native product.
EBS remains critical for many organizations, particularly those with complex integrations or regulatory needs. Oracle also provides tools for gradual cloud adoption. However, long-term strategies should consider that EBS, while stable and supported, is no longer Oracle’s primary ERP focus.
This security flaw may put a dampener on Oracle’s new deal and raise questions about the company if not properly addressed. It also underscores the complexities inherent in maintaining a deeply customizable, on-premises platform like EBS. Despite Oracle’s significant investments and lucrative ventures, such as its partnership with OpenAI, this incident serves as a reminder that robust security remains paramount.
Oracle’s commitment to extending Premier Support for EBS 12.2 through 2036 reflects its dedication to customers relying on this platform, but the company’s strategic focus is increasingly on its cloud-native Fusion Cloud ERP. For many enterprises, EBS continues to be vital, especially where complex integrations and regulatory compliance are involved. However, the evolving threat landscape and Oracle’s innovation trajectory suggest that customers should weigh the benefits of modernization alongside maintaining legacy systems to ensure security and business continuity.
As security threats evolve and support models shift, organizations that proactively align their IT roadmap with Oracle’s future direction will be better positioned to manage risk, reduce technical debt, and unlock innovation at scale.