Oracle E-Business Suite Vulnerability Can Result In Data Access Without Login
Oracle has issued a security alert regarding a new, high-severity vulnerability (CVE-2025-61884, CVSS score of 7.5) affecting its E-Business Suite versions 12.2.3 through 12.2.14. This Oracle vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Configurator. A successful attack can result in unauthorized access to critical data or complete access to all data accessible by the Oracle Configurator. Oracle emphasized that the vulnerability is remotely exploitable without requiring any user credentials, urging users to apply the patch immediately. This alert follows a recent disclosure of a separate zero-day exploitation (CVE-2025-61882) in the same software by what is suspected to be a hacking group tied to the Cl0p ransomware crew. Oracle has issued an emergency security update to fix the flaw.
Source: The Hacker News, Security Affairs
Harvard University Affected By Oracle Zero-Day Exploitation
Harvard University is investigating a data breach that is reportedly linked to the Clop ransomware gang’s exploitation of a recently patched zero-day vulnerability in Oracle’s E-Business Suite (EBS) servers. The zero-day, tracked as CVE-2025-61882, was used by Clop in a widespread extortion campaign to steal sensitive data from Oracle EBS customers. Harvard confirmed its systems were impacted by the vulnerability and believes the breach is limited to a small administrative unit. Harvard has patched the vulnerability after receiving from Oracle. The investigation began after the Clop extortion group added Harvard to its data leak site, threatening to publicly release the stolen data if a ransom was not paid.
Source: Bleeping Computer, Security Week
SimonMed Imaging Data Breached
SimonMed Imaging, one of the largest medical imaging providers in the US, disclosed a data breach resulting from a ransomware attack that impacted over 1.2 million individuals. The security incident occurred between January 21 and February 5, 2025. The investigation revealed that a wide range of sensitive patient information was stolen, including names, addresses, dates of birth, health insurance details, driver’s license numbers, Social Security Numbers (SSNs), financial account numbers, authentication credentials, and extensive medical information. The Medusa ransomware group claimed responsibility for the attack on February 10, stating they had stolen over 200 Gb of data and set a ransom demand of $1 million.
Source: Security Week, Cyber Press
Discord Data Breach Exposes User Information
Discord confirmed a data breach resulting from the compromise of one of its third-party customer service providers (reportedly Zendesk). The attack, which began as an attempted ransom demand and has been claimed by the group Scattered Lapsus$ Hunters, did not breach Discord’s core infrastructure but exposed data from support ticket queues. The exposed information includes usernames, email and IP addresses, support conversation transcripts, limited billing details (like the last four digits of a credit card), and most critically, a small number of government-issued photo IDs submitted for age verification. Discord immediately revoked the vendor’s access and is notifying affected users.
Source: eSecurity Planet
WordPress Plugin Vulnerability Allows Hackers to Gain Admin Access
Threat actors have been actively exploiting a critical authentication bypass flaw, CVE-2025-5947 (CVSS 9.8), in the Service Finder Bookings WordPress plugin, which has over 6,000 active installations. The vulnerability, present in versions up to 6.0, allowed an unauthenticated attacker to gain complete administrator privileges on a compromised site. This was possible because the plugin’s servicefinderswitchback function failed to validate a user-switch cookie, allowing an attacker to unconditionally log in as the user ID supplied in the cookie. Administrators are strongly urged to update the plugin to the patched version 6.1 to prevent site takeover.
Source: Cyber Press, Cyber Security News