Oracle has released security patches for critical vulnerabilities in its E-Business Suite, which were actively exploited by threat groups like Clop and ShinyHunters. Despite these updates, confusion remains over the specifics of the exploits, vulnerabilities, and their remediation. #CVE-2025-61884 #ShinyHunters #Clop #OracleEBS #ZeroDayExploit
Keypoints
- Oracle patched a high-severity vulnerability in E-Business Suite called CVE-2025-61884, which was exploited by cybercriminals.
- The vulnerability allowed remote, unauthenticated network access to sensitive resources via SSRF flaws.
- Threat groups like Clop and ShinyHunters exploited different Oracle EBS flaws for data theft and extortion campaigns.
- Security firms and researchers found inconsistencies in Oracleβs patches and the exploit chains they address.
- Oracle recommends installing all latest patches and applying security rules to mitigate ongoing threats.