Oracle EBS Zero-Day Flaw CVE-2025-61882 Explained

A critical zero-day vulnerability, CVE-2025-61882, is being actively exploited in Oracle E-Business Suite, enabling unauthenticated remote code execution. The attack is not a single flaw but a sophisticated chain of at least five vulnerabilities working in concert. It begins with a Server-Side Request Forgery (SSRF) that is escalated using CRLF injection to bypass security controls and manipulate HTTP requests. Attackers then pivot to an internal service, using path traversal to bypass authentication filters and access a vulnerable component. The final stage leverages an unsafe XSL Transformation (XSLT) process to load a malicious stylesheet from an attacker-controlled server, resulting in full system compromise.

Latest mentioned: 10-07

Earliest mentioned: 10-06

Sources

watchtowr.com thehackernews.com

Also Read

Sophisticated Supply-Chain Attack Targets VSCode Ecosystem

In late November 2025, a sophisticated supply-chain attack leveraging the Visual Studio Code extension ecosystem was discovered. A malicious extension masquerading as the popular Prettier code formatter briefly appeared on the official VSCode Marketplace, compromising at least three systems. The attack involved a multi-stage malware chain, including the Anivia loader and OctoRAT, a remote access toolkit with over 70 command modules. The threat actor used a GitHub repository named 'vscode' to host obfuscated VBScript payloads, employing payload rotation techniques to evade detection. The attack highlights the evolving threat landscape targeting developer ecosystems, emphasizing the need for strict extension management policies and enhanced endpoint detection capabilities.

12-04Read more →