- Oracle patched CVE-2025-61884, a critical unauthenticated E-Business Suite vulnerability
- ShinyHunters allegedly exploited the flaw to steal sensitive corporate data from multiple organizations
- This is Oracle’s second patch addressing exploit chains used in recent ransomware extortion campaigns
Oracle has patched yet another E-Business Suite vulnerability that was allegedly used by the ShinyHunters team to exfiltrate sensitive corporate data from numerous organizations.
Earlier this week, the company published a new security advisory, announcing a patch for CVE-2025-61884. This vulnerability, discovered in E-Business Suite, “is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” Oracle explained. “If successfully exploited, this vulnerability may allow access to sensitive resources.”
It affects versions 12.2.3-12.2.14, Oracle added, stressing that it “always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay”.
Breaking the exploit chain
While the advisory does not mention ShinyHunters or the recent string of breaches, BleepingComputer confirmed, with the help of a few cybersecurity organizations, that the patch does in fact break the exploit chain used by the threat actors.
This is the second patch Oracle released to address flaws in E-Business Suite recently, both of which were allegedly used by threat actors to steal sensitive information.
In early October, executives at various businesses across the United States started receiving extortion emails, claiming to have been sent by ransomware actors known as Cl0p. At the time, Oracle claimed that the attackers were actually exploiting an n-day vulnerability that was patched a few months prior.
However, it soon backtracked and released a patch for CVE-2025-61882, a bug that allowed an unauthenticated attacker with HTTP network access to compromise, and fully take over, the Oracle Concurrent Processing component of E-Business Suite.
In the meantime, other threat actors started targeting E-Business Suite users. Among them, ShinyHunters, notorious hackers part of the Scattered Lapsus$ Hunters collective, responsible for breaches at Qantas, Fujifilm, and others.
Now, with the second patch arriving, we will see if the holes are finally plugged.
Via BleepingComputer
Don’t forget to take a look at our Windows 10 End of Life live updates here
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Oracle forced to rush out patch for zero-day exploited in attacks
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
