
"Oracle released an emergency patch this weekend for a critical vulnerability in E-Business Suite. This software flaw can be exploited by attackers without authentication to steal sensitive data. The vulnerability CVE-2025-61884 concerns an information disclosure flaw in the Runtime UI component. It affects all EBS versions from 12.2.3 to 12.2.14. If successfully exploited, this flaw could give access to sensitive data. Oracle has assigned the vulnerability a CVSS score of 7.5, which underscores the severity of the problem."
"Researchers at watchTowr Labs discovered that CVE-2025-61882 is actually a vulnerability chain. This chain can give unauthorized attackers remote code execution, as proven by a proof-of-concept exploit that was leaked online via cybercrime group Scattered Lapsus$ Hunters. Oracle has not yet marked CVE-2025-61884 as actively exploited in the wild and has not made a direct link to the CVE-2025-61882 attacks. Online Oracle EBS instances are clearly targets, so updating is highly recommended."
Oracle released an emergency patch for a critical information-disclosure vulnerability, CVE-2025-61884, in the Runtime UI component of E-Business Suite. The flaw allows unauthenticated attackers to access sensitive data and affects EBS versions 12.2.3 through 12.2.14. Oracle assigned a CVSS score of 7.5 to the vulnerability. The patch followed recent Clop extortion activity and previous EBS fixes, and CrowdStrike reported active exploitation of a related zero-day, CVE-2025-61882. Researchers found CVE-2025-61882 to be a vulnerability chain enabling remote code execution, with a proof-of-concept leak. Oracle has not confirmed active exploitation of CVE-2025-61884; updating exposed instances is highly recommended.
Read at Techzine Global