Oracle security patch release for CVE-2025-61882
Security Patch Release
Summary
Oracle released an emergency update for Oracle E-Business Suite to fix CVE-2025-61882, a critical flaw with active exploitation risk tied to Cl0p data theft attacks. The bug can be reached over HTTP without authentication and may enable remote code execution in the Oracle Concurrent Processing component. Oracle also said it issued additional fixes after uncovering more potential exploitation during its investigation.
Related Happenings
Ivanti security patch release for CVE-2026-8043
Security Patch Release
First: 18.05.2026 13:54
Last: 18.05.2026 13:54
Sources 1
About this happening:
**Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...
Oracle security patch release for CVE-2026-21992
Security Patch Release
First: 21.03.2026 12:24
Last: 21.03.2026 12:24
Sources 1
About this happening:
**Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...
SAP security patch release for CVE-2019-17571
Security Patch Release
First: 11.03.2026 14:26
Last: 11.03.2026 14:26
Sources 1
About this happening:
**SAP** released security updates for **two critical flaws** in **FS-QUO** and **NetWeaver Enterprise Portal Administration**, reducing the risk of **arbitrary code execution** on...
Hewlett Packard Enterprise (HPE) security patch release for CVE-2026-23813
Security Patch Release
First: 10.03.2026 19:30
Last: 10.03.2026 19:30
Sources 1
About this happening:
**HPE** released **security updates** for **Aruba Networking AOS-CX**, closing **multiple vulnerabilities** including authentication and code execution issues on **CX-series campu...
SolarWinds security patch release for CVE-2025-40538
Security Patch Release
First: 25.02.2026 09:04
Last: 25.02.2026 09:04
Sources 1
About this happening:
**SolarWinds** released **Serv-U** updates that fix **four critical flaws** in **version 15.5**, reducing the risk of **remote code execution**. The patched issues are tracked as...
Timeline
- 14.10.2025 19:38 · 1 article
Oracle fixes CVE-2025-61884 in Oracle E-Business Suite
Mitigation Patch Update
Oracle released an out-of-band weekend update for Oracle E-Business Suite to address CVE-2025-61884, a remotely exploitable SSRF flaw that could expose sensitive resources. Researchers said the patch now validates attacker-supplied return_url with a strict regular expression, blocking injected CRLF, and multiple researchers confirmed the update closes the leaked ShinyHunters exploit path.
Sources:
- Oracle silently fixes zero-day exploit leaked by ShinyHunters — www.bleepingcomputer.com — 14.10.2025 19:38
- 06.10.2025 08:15 · 4 articles
Oracle emergency patch for CVE-2025-61882
Initial Disclosure
Oracle released an emergency update for CVE-2025-61882 in Oracle E-Business Suite after saying the flaw had been exploited in Cl0p data theft attacks. The vulnerability is remotely exploitable without authentication over HTTP, can affect the Oracle Concurrent Processing component, and may allow remote code execution. Oracle also said it issued fixes after finding additional potential exploitation during its investigation.
Sources:
- Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks — thehackernews.com — 06.10.2025 08:15
- NCSC: Patch Critical Oracle EBS Bug Now — www.infosecurity-magazine.com — 07.10.2025 12:45
- Harvard investigating breach linked to Oracle zero-day exploit — www.bleepingcomputer.com — 13.10.2025 14:14