CrowdStrike Uncovers Oracle EBS Zero-Day Attack
CrowdStrike has uncovered an attack campaign against Oracle EBS that exploits a newly identified zero-day vulnerability, now tracked as CVE-2025-61882. This vulnerability impacts Oracle E-Business Suite (EBS) applications, widely used by enterprises for resource planning and operations. According to CrowdStrike, the campaign involves mass exploitation attempts against exposed EBS systems, suggesting an organized and likely sophisticated effort.
The cybersecurity firm reports that attackers are actively leveraging CVE-2025-61882 to compromise unpatched Oracle EBS environments. CrowdStrike has uncovered Oracle EBS exploitation patterns that indicate a previously unknown attack vector, which may allow unauthorized access or system manipulation. In addition to CVE-2025-61882, researchers have also flagged CVE-2025-48384, though its role in the current campaign remains unclear.
Organizations relying on Oracle EBS should evaluate their system exposure and apply necessary mitigations immediately. CrowdStrike continues to monitor the situation and advises heightened awareness across affected sectors.
Read the full report at: https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/
