Oracle has issued an emergency patch for a critical flaw (CVE-2025-61882) in its E-Business Suite that has been actively exploited by threat actors, including Cl0p. The vulnerability allows remote code execution without authentication, posing a significant security threat. #CVE-2025-61882 #Cl0p #OracleEBS #LAPSUS$
Keypoints
- Oracle released an emergency update to fix a critical security vulnerability in its E-Business Suite.
- The CVE-2025-61882 flaw allows unauthenticated remote code execution via HTTP.
- Threat actors including Cl0p and LAPSUS$ are actively exploiting this vulnerability and using compromised accounts in campaigns.
- Patch updates were released alongside alerts indicating ongoing exploitation and investigation findings.
- Organizations are advised to check for potential breaches, regardless of patch application status.
Read More: https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html