
""This vulnerability is remotely exploitable without authentication," CISA said."
""At this time, we are not able to attribute any specific exploitation activity to a specific actor, but it's likely that at least some of the exploitation activity we observed was conducted by actors now conducting Cl0p-branded extortion operations," Zander Work, senior security engineer at GTIG, told The Hacker News last week."
CISA added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog and confirmed that CVE-2025-61884 is being weaponized in real-world attacks. CVE-2025-61884 (CVSS 7.5) is a server-side request forgery (SSRF) in the Runtime component of Oracle Configurator; it can allow unauthorized access to critical data and is remotely exploitable without authentication. It is being exploited alongside CVE-2025-61882 (CVSS 9.8), an unauthenticated arbitrary code execution flaw in Oracle E-Business Suite that impacted dozens of organizations. Google Threat Intelligence Group (GTIG) and Mandiant observed exploitation activity possibly tied to actors now conducting Cl0p-branded extortion operations. CISA also added CVE-2025-33073 (a Windows SMB client privilege escalation) and CVE-2025-2746 (a Kentico Xperience CMS authentication bypass) to the KEV catalog; both issues were fixed by their vendors in 2025.
Read at The Hacker News