Immediate actions for CVE-2025-61884: Oracle has provided patches for CVE-2025-61884 for all affected versions covered under Premier Support or Extended Support. However, security experts warned that patching alone may not be sufficient. The lessons from the recent CVE-2025-61882 attacks show that organizations need to hunt for signs of prior compromise even after applying fixes.

In a detailed technical analysis of the CVE-2025-61882 campaign, Google Threat Intelligence Group and Mandiant outlined specific hunting techniques for EBS environments. The researchers found that threat actors “store payloads directly in the EBS database” and recommended that “administrators should immediately query the XDO_TEMPLATES_B and XDO_LOBS tables to identify malicious templates.”

The Google team also emphasized network-level protections. “The observed Java payloads require outbound connections to C2 servers to fetch second-stage implants or exfiltrate data,” the researchers wrote, recommending organizations “block all non-essential outbound traffic from EBS servers to the internet.”

The Cybersecurity and Infrastructure Security Agency (CISA) has already added CVE-2025-61882 to its Known Exploited Vulnerabilities catalog with an October 27 deadline for federal agencies. While CVE-2025-61884 has not yet been added to the catalog, organizations should treat both vulnerabilities with equal urgency, given the targeting patterns, experts suggested.
Rethinking ERP security strategy: While immediate patching remains critical, security experts argued that the back-to-back Oracle vulnerabilities signal the need for a fundamental rethinking of how organizations secure business-critical applications.

“Beyond immediate remediation, security leaders should strengthen visibility across third-party dependencies, enforce least privilege within ERP environments, and invest in behavioral analytics to detect abnormal transactions before they cause business disruption,” Grover said. According to IDC’s Asia/Pacific Security Survey 2025, cited by Grover, 26% of enterprises are already driving identity-first security strategies aligned with business applications.

Varkey emphasized that ERP systems must be elevated to critical asset status. “ERP systems should be treated as critical assets with isolation, logging, monitoring, least privileges, segmentation, and zero trust enforcement,” he said. “Security teams should be part of the core governance team and define the security mandates.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4072174/oracle-issues-second-emergency-patch-for-e-business-suite-in-two-weeks.html

