Oracle Zero-Day and More Being Exploited by Ransomware Group

Deploy Emergency Patch for Zero-Day Flaw, Hunt for Signs of Intrusion, Warn Experts Mathew J. Schwartz (euroinfosec) • October 7, 2025

Oracle has patched a zero-day vulnerability in Oracle E-Business Suite being exploited in the wild. Security experts are urging all EBS-using organizations to install the update as quickly as possible, following its ongoing exploitation for more than a month.

See Also: Why Cyberattackers Love 'Living Off the Land'

The critical vulnerability, assigned CVE-2025-61882, has a CVSS score of 9.8, reflecting that it "is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password," says Oracle's security alert, first issued Saturday and subsequently updated. "If successfully exploited, this vulnerability may result in remote code execution."

Security experts warned that any organization that exposes its Oracle E-Business Suite to the internet is at high risk of having already been ...