The Register
Oracle is rushing out another emergency patch for its embattled E-Business Suite as the fallout from the Clop-linked attacks continues to spread.
The newly disclosed flaw, tracked as CVE-2025-61884 and slapped with a CVSS score of 7.5, affects the Runtime UI component in EBS, and Oracle's advisory warns that the flaw can be exploited remotely without authentication and "may allow access to sensitive resources."
In other words, it's another wide-open door into one of Oracle's most business-critical systems, and the kind of bug that cybercrims love to chain with others for data theft, extortion, or to delve deeper into enterprise networks.
"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and passwo
The Oregonian Public Safety
Raw Story
OK Magazine
CBS News
CBC News World
The American Lawyer
The List