- Oracle patched cve-2025-61884, a critical unauthorized e-business suite vulnerability
- Shinyhunters allegedly exploited the error to steal sensitive company data from multiple organizations
- This is Oracle’s second patch that addresses utilization chains used in recent Ransomware -Press Campaigns
Oracle has patched yet another e-business suite vulnerability, allegedly used by the Shinyhunters team to smooth out sensitive company data from several organizations.
Earlier this week, the company released a new security advice that announced a patch for CVE-2025-61884. This vulnerability that was discovered in E-Business Suite, “is far utilized without approval, ie it can be utilized over a network without the need for a username and password,” Oracle explained. “If this vulnerability is successfully utilized, this vulnerability may enable access to sensitive resources.”
It affects versions 12.2.3-12.2.14, added Oracle, emphasizing that it “always recommends that customers remain on actively supported versions and use all security alarms and critical patch update lappings without delay”.
Breaking of the utilization chain
While the advisor does not mention Shinyhunters or the recent violations, the diapering computer confirmed with the help of a few cyber security organizations that the patch is actually breaking the utilization chain used by the threat actors.
This is the second patch-oracle that was released to tackle deficiencies in e-business suite recently, both of which were allegedly used by threat players to steal sensitive information.
In early October, leaders in various companies throughout the United States began receiving extortion -e emails and claimed to have been sent by ransomware -actors known as CL0P. At that time, Oracle claimed that attackers actually took advantage of an N-day vulnerability that was patched a few months before.
However, it soon withdrew and released a patch to CVE-2025-61882, an error enabling a non-authenticated striker with HTTP network access to compromise and fully taking over, Oracle Concurrent Processing Component of E-Business Suite.
Meanwhile, other threat actors began targeting e-business suite users. Among them, Shinyhunters, infamous hackers, some of the scattered lapsus $ -hunters collective, responsible for violations in Qantas, Fujifilm and others.
Now, with the other patch arriving, we will see if the holes are finally connected.
Via Bleeping computer
Don’t forget to look at our Windows 10 ending of life live updates here
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
