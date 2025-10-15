Oracle looks into the future and sees support ending

Oracle patched CVE-2025-61884, a critical unauthenticated E-Business Suite vulnerability

ShinyHunters allegedly exploited the flaw to steal sensitive corporate data from multiple organizations

This is Oracle’s second patch addressing exploit chains used in recent ransomware extortion campaigns

Oracle has patched yet another E-Business Suite vulnerability that was allegedly used by the ShinyHunters team to exfiltrate sensitive corporate data from numerous organizations.

Earlier this week, the company published a new security advisory, announcing a patch for CVE-2025-61884. This vulnerability, discovered in E-Business Suite, “is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” Oracle explained. “If successfully exploited, this vulnerability may allow access to sensitive resources.”

It affects versions 12.2.3-12.2.14, Oracle added, stressing that it “always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay”.

Breaking the exploit chain

While the advisory does not mention ShinyHunters or the recent string of breaches, BleepingComputer confirmed, with the help of a few cybersecurity organizations, that the patch does in fact break the exploit chain used by the threat actors.

This is the second patch Oracle released to address flaws in E-Business Suite recently, both of which were allegedly used by threat actors to steal sensitive information.

In early October, executives at various businesses across the United States started receiving extortion emails, claiming to have been sent by ransomware actors known as Cl0p. At the time, Oracle claimed that the attackers were actually exploiting an n-day vulnerability that was patched a few months prior.

However, it soon backtracked and released a patch for CVE-2025-61882, a bug that allowed an unauthenticated attacker with HTTP network access to compromise, and fully take over, the Oracle Concurrent Processing component of E-Business Suite.

In the meantime, other threat actors started targeting E-Business Suite users. Among them, ShinyHunters, notorious hackers part of the Scattered Lapsus$ Hunters collective, responsible for breaches at Qantas, Fujifilm, and others.

Now, with the second patch arriving, we will see if the holes are finally plugged.

