Oracle on Saturday issued a security alert warning of a current security flaw impacting its E-Enterprise Suite that it acknowledged would possibly allow unauthorized entry to delicate info.
The vulnerability, tracked as CVE-2025-61884, carries a CVSS ranking of seven.5, indicating extreme severity. It impacts variations from 12.2.3 by way of 12.2.14.
“Merely exploitable vulnerability permits an unauthenticated attacker with group entry by the use of HTTP to compromise Oracle Configurator,” based mostly on an overview of the flaw inside the NIST’s Nationwide Vulnerability Database (NVD). “Worthwhile assaults of this vulnerability can result in unauthorized entry to very important info or full entry to all Oracle Configurator accessible info.”
In a standalone alert, Oracle acknowledged the flaw is remotely exploitable with out requiring any authentication, making it important that clients apply the exchange as shortly as potential. The company, nonetheless, makes no level out of it being exploited inside the wild.
Oracle’s Chief Security Officer, Rob Duhart, recognized that the vulnerability impacts “some deployments” of E-Enterprise Suite and that it might very properly be weaponized to allow entry to delicate sources.
The occasion comes shortly after Google Danger Intelligence Group (GTIG) and Mandiant disclosed that dozens of organizations may need been impacted following the zero-day exploitation of CVE-2025-61882 in Oracle’s E-Enterprise Suite (EBS) software program program.
The assaults have been found to leverage the vulnerability to set off two completely completely different payload chains, dropping malware households like GOLDVEIN.JAVA, SAGEGIFT, SAGELEAF, and SAGEWAVE.
Whereas the tech giant didn’t significantly attribute the train to a particular named threat actor or group, it’s believed that the attackers are orchestrated by a hacking group with ties to the Cl0p ransomware group.
Elevate your perspective with NextTech Info, the place innovation meets notion.
Uncover the newest breakthroughs, get distinctive updates, and be a part of with a world group of future-focused thinkers.
Unlock tomorrow’s developments within the current day: study further, subscribe to our publication, and turn into part of the NextTech group at NextTech-news.com
Keep forward of the curve with NextBusiness 24. Discover extra tales, subscribe to our publication, and be a part of our rising group at nextbusiness24.com
