#EBusinessSuite
Critical Oracle Suite Flaw Actively Exploited; CISA Orders Urgent Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that attackers are actively exploiting a critical server-side request forgery (SSRF) vulnerability, CVE-2025-61884, in Oracle E-Business Suite's Configurator runtime component. Federal agencies have been directed to patch this flaw by November 10, 2025, as it is now listed in CISA’s Known Exploited Vulnerabilities catalog. CVE-2025-61884, which carries a severity rating of 7.5, allows attackers to gain unauthorized access to sensitive data or even full access to all Oracle Configurator data. The vulnerability was first disclosed by Oracle on October 11, 2025, but the company did not initially confirm exploitation, despite evidence that the exploit was leaked by threat actors ShinyHunters and Scattered Lapsus$ in July. The patch fixes the SSRF flaw by validating the "return_url" parameter provided by attackers, blocking malicious requests if validation fails.

In early October, cybersecurity firm Mandiant disclosed that the Clop ransomware group had been extorting organizations using Oracle E-Business Suite zero-day flaws. Oracle responded by stating that Clop had exploited vulnerabilities patched in July. On October 3, ShinyHunters leaked an exploit for Oracle EBS, which was later linked to Clop. Oracle then disclosed CVE-2025-61882, which was unrelated and was patched for August attacks that targeted the /OA_HTML/SyncServlet endpoint. Investigations by CrowdStrike and Mandiant revealed two distinct campaigns: the July campaign exploited the SSRF flaw in /configurator/UiServlet (CVE-2025-61884), while the August campaign targeted the /OA_HTML/SyncServlet endpoint, now fixed under CVE-2025-61882. The ShinyHunters exploit leaked earlier targets the UiServlet SSRF chain, not the SyncServlet flaw.
There is confusion about why Oracle listed the ShinyHunters exploit as an indicator of compromise for CVE-2025-61882 instead of CVE-2025-61884, despite evidence pointing to the latter. Oracle has not responded to media inquiries regarding this discrepancy or the status of CVE-2025-61882 as exploited. This incident highlights the ongoing risk to organizations using Oracle E-Business Suite and underscores the urgency of timely patching and robust vulnerability management.

Critical Oracle Suite Flaw Actively Exploited; CISA Orders Urgent Patch #CISA #EBusinessSuite #Oracle


Asahi hit by Qilin ransomware, Oracle releases a patch for a zero-day in E-Business Suite, and the UK NCSC reports a 50% increase in significant cyber attacks.

#Asahi #EBusinessSuite #NCSC #Oracle #Qilin #Ransomware #zeroday
www.matricedigitale.it/2025/10/14/a...

Oracle Workload Cloud-Strategy Innovation: A Customer Per... Abstract: How can you gain confidence when planning a...

Listen to real-world customer perspectives on Oracle migration to the Public Cloud.
I am personally involved from the planning to the execution of both customer migrations.
#CloudMigration #EBusinessSuite #OrclDB
Register to join
https://buff.ly/3fO6Zcl


Get out of the EBS Jail with APEX early morning session. Learning how Webservices can be used with EBS. #Orclapex #c19tc #EBusinessSuite #Oracle


GM financials session explaining how they used APEX with EBS! #Oracle #EBusinessSuite #OrclAPEX


Oracle APEX EBS extensions stickers at our booth 945 #EBusinessSuite #OrclEBS #orclAPEX @InsumSolutions


Wow, full room and standing for @InsumSmartel session on Dashboard with APEX in EBS #Oracle #orclapex #C19TX #EBusinessSuite


Don’t miss this webinar about extending #EBusinessSuite with #OrclApex Register here : http://bit.ly/1wdLZeB


#DOAGNews: New in-memory application for Oracle #EBusinessSuite: Shortly after the release of... http://dlvr.it/4vZvmL #DOAGeV


Keynote: #Oracle #EBusinessSuite - Strategy, Update and Roadmap with Dr. Nadia Bendjedou #Apps2013 http://ow.ly/oNY4M


Keynote: #Oracle #EBusinessSuite - Strategy, Update and Roadmap with Dr. Nadia Bendjedou #Apps2013 http://ow.ly/oNY1Q


Keynote: #Oracle #EBusinessSuite - Strategy, Update and Roadmap with Dr. Nadia Bendjedou #Apps2013 http://ow.ly/oNXZw


Keynote: #Oracle #EBusinessSuite - Strategy, Update and Roadmap with Dr. Nadia Bendjedou #Apps2013 http://ow.ly/oNXWa


#DOAGNews: #EBusinessSuite 12.2 finally here after long uncertainty: Similar to the release of... http://dlvr.it/40YJPN #DOAGeV


Keynote: #Oracle #EBusinessSuite - Strategy, Update and Roadmap with Dr. Nadia Bendjedou #Apps2013 http://ow.ly/oNXLU



#DOAGNews: Spicing up Oracle #EBusinessSuite with Oracle Application Express: Everyone knows Oracle... http://dlvr.it/3sy0q3 #DOAGeV


#DOAGNews: Java JRE 7 now certified with Oracle #EBusinessSuite: Java Runtime Environment 7 Update 10... http://dlvr.it/2n0r1Z #DOAGeV


#DOAGNews: Waiting for #EBusinessSuite R12.2: Originally it was an announcement about support for the... http://dlvr.it/2YnVvb #DOAGeV


#DOAGNews: Incompatibilities between JRE 7 and #EBusinessSuite: Windows JRE auto-update should... http://dlvr.it/1k3G3k #DOAGeV


#DOAGNews: DOAG 2012 Applications: Focus on #EBusinessSuite: Opening next week, the DOAG 2012... http://dlvr.it/1W6ztS #DOAGeV
