This week’s defining threat: the Oracle E-Business Suite zero-day (CVE-2025-61882) is now confirmed as actively exploited in a mass campaign. At the same time, Cisco firewall zero-days (CVE-2025-20333 / 20362) remain dangerous—and another new EBS vulnerability (CVE-2025-61884) emerges. Below: what’s new, what demands action now.
🚨 Top Stories
1. Dozens of Organizations Hit via Oracle EBS Exploitation
Google’s Threat Intelligence Group says an extortion campaign targeting Oracle EBS has impacted dozens of organizations, with “mass amounts of customer data” exfiltrated. The attack likely began months ago. Reuters
💡 Key Takeaway: If you run Oracle EBS, assume compromise unless proven otherwise. Deploy detection, hunt, and patch immediately.
2. Cisco Firewalls: 50,000+ Devices Vulnerable in Live RCE Flaw (CVE-2025-20333 / CVE-2025-20362)
As many as 50,000 internet-connected Cisco ASA/FTD firewalls remain exposed to two zero-days (RCE + auth bypass). Many are unpatched despite CISA’s Emergency Directive. TechRadar
💡 Key Takeaway: Patch all ASA/FTD devices now—this vulnerability is too severe to delay.
3. Oracle Adds New EBS Vulnerability CVE-2025-61884
Oracle disclosed a fresh vulnerability in its E-Business Suite (Configurator module) allowing unauthenticated HTTP-based access to sensitive data. It affects versions 12.2.3–12.2.14. Help Net Security
💡 Key Takeaway: Expand your patch and hunt coverage to include CVE-2025-61884. It joins 61882 in exposing EBS to unauthenticated attacks.
🛠️ Vulnerability Spotlight
CVE-2025-61882 (Oracle EBS Unauthenticated RCE)
Part of the extortion campaign; remote, HTTP-based, no login needed. Oracle
💡 Key Takeaway: Patch it now, hunt for IOCs, and isolate exposed EBS endpoints aggressively.
CVE-2025-20333 / CVE-2025-20362 (Cisco ASA / FTD RCE + Auth Bypass)
These zero-day flaws remain under active attack; Cisco has issued updates. Cisco
💡 Key Takeaway: Validate your firewall fleet’s patch status. For outdated or unsupported devices, plan immediate replacement.
CVE-2025-61884 (Oracle EBS Configurator Access)
New bug enabling HTTP-based sensitive data access without authentication. Help Net Security
💡 Key Takeaway: Add this to your EBS patch plan and hunt list; don’t let it slip because it feels “secondary.”
📈 Trend to Watch
Proliferation of chained vulnerabilities in enterprise platforms
Recent weeks show attackers chaining exploits across EBS (61882 → 61884), or combining firewall RCEs with persistent access. The next wave will increasingly use multi-stage attacks across infrastructure and application layers.
💡 Key Takeaway: Threat modeling must consider compound attacks — don’t treat each CVE in isolation.
🏛️ Policy & Regulation Watch
CISA’s Emergency Directive ED 25-03 for Cisco ASA/FTD
Federal agencies must inventory, analyze, mitigate, and report Cisco firewall compromise on CISA’s timeline. CISA
💡 Key Takeaway: This directive reinforces that ASA/FTD failures are now regarded as national risk. Organizations beyond federal scope should treat it as de facto must-fix.
🧰 Tool / Resource of the Week
Oracle EBS Security Alert — CVE-2025-61882
Oracle’s own advisory includes patch instructions, affected versions, prerequisites, and IoCs. Essential as your canonical reference during mitigation efforts. Oracle
💡 Key Takeaway: Use this alert as your single source of truth when verifying fixes or hunting for signs of exploit.
⚡ Quick Hits
Cisco confirms attempted exploit of ASA zero-days in real networks. BleepingComputer
CrowdStrike links the Oracle EBS campaign to mass exploitation. CrowdStrike
Rapid7 says Cl0p used n-day flaws alongside the zero-day in many attacks. BankInfoSecurity
Cisco publishes advisory for web services RCE impacting ASA/FTD/IOS platforms (CSCwo18850). Cisco
🛡️ Actionable Defense Move
Conduct a priority integrity sweep & segmented patch rollout for EBS + ASA
Map all Oracle EBS endpoints. Patch CVE-2025-61882 and CVE-2025-61884 immediately.
Hunt logs, IOCs, past backup integrity, and database templates for signs of compromise.
Inventory all Cisco ASA/FTD systems. Apply critical patches (CVE-2025-20333 / CVE-2025-20362), and isolate vulnerable units.
Monitor new firewall traffic surges or escalation attempts aggressively. Monitor for scan surges on critical service ports as tripwires for attack campaigns.
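One way to build the scan-surge tripwire from the last step, added here as an example (not code from this newsletter or any vendor): it counts distinct source IPs per hour on watched ports and flags hours far above the median of earlier hours. The log format, port list, thresholds and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

WATCHED_PORTS = {443, 8443}  # assumption: ports your EBS / ASA front ends expose

def sample_lines(counts=(2, 3, 2, 2, 12)):
    """Constructed log lines 'ISO-time src-ip dst-port'; counts = sources per hour."""
    lines = []
    for hour, n_sources in enumerate(counts):
        for i in range(n_sources):
            # 198.51.100.0/24 is an RFC 5737 documentation range
            lines.append(f"2025-01-01T{hour:02d}:{i:02d}:00 198.51.100.{i + 1} 443")
    lines.append("2025-01-01T04:30:00 203.0.113.9 22")  # unwatched port, ignored
    return lines

def hourly_sources(lines):
    """Map port -> {hour -> set of distinct source IPs} for watched ports."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        ts, src, dport = line.split()
        if int(dport) in WATCHED_PORTS:
            hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
            seen[int(dport)][hour].add(src)
    return seen

def surges(lines, factor=3.0, floor=5, min_history=3):
    """Return (port, hour, count, baseline) for hours far above the prior median."""
    alerts = []
    for port, hours in sorted(hourly_sources(lines).items()):
        series = [(h, len(hours[h])) for h in sorted(hours)]
        for i, (hour, count) in enumerate(series):
            history = [c for _, c in series[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet; stay quiet rather than guess
            baseline = median(history)
            if count >= floor and count > factor * baseline:
                alerts.append((port, hour.isoformat(), count, baseline))
    return alerts

if __name__ == "__main__":
    for alert in surges(sample_lines()):
        print("scan surge:", alert)
```

The median baseline keeps one earlier noisy hour from masking a later surge, and the floor suppresses alerts on ports that normally see almost no traffic.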
🏁 Final Word
This week reminds us: enterprise software (Oracle EBS) is as vulnerable as infrastructure (firewalls). Two new EBS bugs and unresolved firewall zero-days demand urgency. Patch, hunt, isolate — and assume adversaries will not wait.
Stay vigilant.