Oracle E-Business Suite Hit by Critical Zero-Day RCE Flaw

Oracle has issued an urgent security alert for a critical zero-day vulnerability in its E-Business Suite, tracked as CVE-2025-61882. The flaw allows for remote code execution without authentication, earning a maximum CVSS score of 9.8 and posing a severe risk to affected systems. It impacts the BI Publisher Integration component in versions 12.2.3 through 12.2.14, and successful exploitation could lead to a complete system compromise. A public proof-of-concept detection template is now available, increasing the likelihood of attacks. Oracle strongly urges customers to apply the emergency security patches immediately, as indicators of compromise suggest the vulnerability may already be under active exploitation.

Latest mentioned: 10-06

Earliest mentioned: 10-06

Sources

oracle.com gbhackers.com cybersum.net

Also Read

Lampion Banking Trojan Evolves with New Social Engineering Tactics

A cybercriminal group has refined its malware campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, active since 2019, targets Portuguese-speaking banks and uses complex infection methods to evade detection. Researchers have documented significant tactical evolution, including the use of ClickFix lures and compromised email accounts. The phishing emails employ convincing banking themes, and the infection chain comprises multiple obfuscated Visual Basic script stages. The Lampion stealer has evolved into a single 700MB DLL file, incorporating encrypted ZIP files to hinder detection.

10-31Read more →