
"Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. The flaw was addressed with an out-of-band security update released over the weekend, which Oracle said could be used to access "sensitive resources." "This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite," reads Oracle's advisory."
""This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources." However, Oracle did not disclose that the flaw was actively exploited in attacks or that a public exploit had been released."
Oracle released an out-of-band security update over the weekend to fix CVE-2025-61884 in Oracle E-Business Suite. Oracle's security alert describes the vulnerability as remotely exploitable without authentication and warns that successful exploitation may allow access to sensitive resources. A proof-of-concept exploit was publicly leaked by the ShinyHunters extortion group, and the vulnerability was actively used to breach servers. Oracle did not disclose that the vulnerability had been actively exploited or that a public exploit had been released prior to the patch.
Read at DataBreaches.Net