Netizen: Monday Security Brief (10/13/2024)

Today’s Topics:

  • Oracle Warns of New E-Business Suite Vulnerability Allowing Unauthorized Data Access
  • Widespread SonicWall VPN Compromise Impacts Over 100 Accounts, Experts Warn
  • How can Netizen help?

Oracle Warns of New E-Business Suite Vulnerability Allowing Unauthorized Data Access

Oracle has issued an emergency security alert addressing a newly discovered flaw in its E-Business Suite (EBS) that could allow attackers to access sensitive data without authentication.

The vulnerability, identified as CVE-2025-61884, carries a CVSS v3 base score of 7.5 and affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. According to the National Vulnerability Database (NVD), the issue lies in the Oracle Configurator component and can be exploited remotely over HTTP without valid credentials.

“Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Configurator,” the NVD description notes. “Successful attacks can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data.”

Oracle’s advisory confirms that the flaw does not currently appear to be under active exploitation, but the company urges immediate patching due to the potential impact on confidentiality and integrity. Chief Security Officer Rob Duhart stated that the vulnerability affects “some deployments” and could be weaponized to gain access to sensitive resources if left unpatched.

This latest disclosure follows closely on the heels of CVE-2025-61882, another critical E-Business Suite flaw that has already been exploited in the wild. Research by Google Threat Intelligence Group (GTIG) and Mandiant revealed that threat actors, believed to have links to the Cl0p ransomware group, used the earlier bug in targeted attacks against multiple organizations. Those intrusions deployed various Java-based payloads including GOLDVEIN.JAVA, SAGEGIFT, SAGELEAF, and SAGEWAVE, often chaining vulnerabilities for deeper access.

Although no exploitation of CVE-2025-61884 has been reported, Oracle has made clear that it represents a serious exposure for enterprises still running outdated EBS installations. The company recommends applying the latest security update immediately and reviewing configurations for any anomalous activity in Oracle Configurator logs.

Organizations using E-Business Suite should also validate that prior patches, particularly those addressing CVE-2025-61882, have been correctly implemented, as attackers have demonstrated a growing interest in chaining EBS vulnerabilities for data theft and persistence.


Widespread SonicWall VPN Compromise Impacts Over 100 Accounts, Experts Warn

Cybersecurity firm Huntress has issued an alert warning of a large-scale compromise affecting SonicWall SSL VPN devices, with more than 100 accounts breached across 16 customer environments. The company reports that attackers are logging into multiple accounts in rapid succession, suggesting they already possess valid credentials rather than relying on brute-force methods.

According to Huntress, the wave of activity began around October 4, 2025, with logins traced to a single IP address, 202.155.8[.]73, used to authenticate into multiple SonicWall appliances. In some cases, the threat actors disconnected shortly after access, while in others they conducted reconnaissance, network scans, and attempted to access local Windows accounts.

The discovery comes shortly after SonicWall confirmed a separate security incident involving unauthorized exposure of firewall configuration backup files from MySonicWall cloud accounts. The breach reportedly affects all customers using SonicWall’s cloud backup service, where configuration files contain sensitive details such as DNS settings, authentication data, domain configurations, and encryption certificates.

Security firm Arctic Wolf warned that these exposed files could allow attackers to replicate internal configurations or gain network access. However, Huntress has stated that no direct evidence yet links the configuration file breach to the ongoing VPN compromises.

Huntress recommends organizations using SonicWall’s cloud configuration backup service take immediate precautions, including:

  • Resetting credentials on all live firewall and VPN devices.
  • Restricting WAN management and remote administrative access.
  • Revoking external API keys that connect to firewalls or management systems.
  • Monitoring VPN and administrative logins for suspicious activity.
  • Enforcing multi-factor authentication (MFA) for all remote and privileged accounts.
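The pattern Huntress describes, one source IP authenticating as many different accounts in rapid succession, is easy to surface from VPN authentication logs once they are centralized. The script below is an added example written for this brief; it is not Huntress, SonicWall or Netizen code. The log line format, the account names and the 5-minute / 3-account thresholds are constructed assumptions, so the regular expression would need to be adapted to the real SonicWall syslog schema. The one indicator it watches for is the IP the brief reports (defanged above as 202.155.8[.]73).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (NOT SonicWall's native syslog schema).
# The first five show the "many accounts, one IP, seconds apart" pattern from the brief;
# the rest are ordinary single-user logins from unrelated addresses.
SAMPLE_LOGS = """\
2025-10-04T02:11:05Z vpn-fw01 sslvpn auth success user=jsmith src=202.155.8.73
2025-10-04T02:11:09Z vpn-fw01 sslvpn auth success user=mlee src=202.155.8.73
2025-10-04T02:11:14Z vpn-fw01 sslvpn auth success user=rpatel src=202.155.8.73
2025-10-04T02:11:20Z vpn-fw01 sslvpn auth success user=kwong src=202.155.8.73
2025-10-04T02:11:27Z vpn-fw01 sslvpn auth success user=svc-backup src=202.155.8.73
2025-10-04T08:30:00Z vpn-fw01 sslvpn auth success user=jsmith src=198.51.100.24
2025-10-04T08:30:45Z vpn-fw01 sslvpn auth failure user=jsmith src=198.51.100.24
2025-10-04T09:15:10Z vpn-fw01 sslvpn auth success user=mlee src=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sslvpn auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Indicator reported in the brief (defanged there as 202.155.8[.]73).
WATCHLIST = {"202.155.8.73"}


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def find_multi_account_logins(lines, window_seconds=300, min_accounts=3):
    """Flag source IPs that successfully authenticate as at least `min_accounts`
    distinct users inside a sliding window of `window_seconds`.

    Returns a list of (src_ip, first_seen, sorted_user_list). Only successful
    logins count, because the brief's key signal is valid-credential use, not
    brute force (failures would be a separate, noisier detection)."""
    events = [e for e in (parse_line(l) for l in lines) if e and e["result"] == "success"]
    events.sort(key=lambda e: e["ts"])
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # per-source sliding window of successful logins
    flagged = {}                 # src -> {"first_seen": ts, "users": set()}
    for e in events:
        q = recent[e["src"]]
        q.append(e)
        while q and e["ts"] - q[0]["ts"] > window:   # drop logins older than the window
            q.popleft()
        users = {x["user"] for x in q}
        if len(users) >= min_accounts:
            rec = flagged.setdefault(e["src"], {"first_seen": q[0]["ts"], "users": set()})
            rec["users"].update(users)   # keep accumulating accounts seen from this IP
    return [(src, r["first_seen"], sorted(r["users"])) for src, r in flagged.items()]


def watchlist_hits(lines):
    """Return the watchlisted source IPs that appear anywhere in the log, success or failure."""
    return sorted({e["src"] for e in (parse_line(l) for l in lines) if e and e["src"] in WATCHLIST})


if __name__ == "__main__":
    lines = SAMPLE_LOGS.splitlines()
    for src, first_seen, users in find_multi_account_logins(lines):
        print(f"ALERT {src} first seen {first_seen:%Y-%m-%d %H:%M:%S}: {len(users)} accounts {users}")
    for src in watchlist_hits(lines):
        print(f"WATCHLIST hit: {src}")
```

The distinct-account threshold is deliberately separate from the watchlist check: an indicator IP will change, while the behaviour (one address walking through several valid accounts in seconds) is what distinguishes credential reuse from legitimate users who each log in from their own address. Tune the window and account count against your own baseline before alerting on it.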

The incident coincides with renewed ransomware campaigns exploiting known SonicWall vulnerabilities such as CVE-2024-40766, which has been linked to Akira ransomware operations. A recent report by Darktrace detailed a similar intrusion targeting a U.S.-based organization in late August 2025. The attack involved network scanning, privilege escalation via “UnPAC the hash,” and eventual data exfiltration.

Darktrace identified the compromised system as a SonicWall VPN server, suggesting that this activity forms part of a broader campaign targeting SonicWall devices for initial access into corporate environments.

These ongoing incidents highlight a critical trend: attackers are continuing to exploit older, well-documented vulnerabilities alongside stolen credentials to breach enterprise networks. Organizations that depend on SonicWall infrastructure are strongly urged to apply all available patches, review authentication logs, and remove legacy access paths to mitigate ongoing threats.


How Can Netizen Help?

Founded in 2013, Netizen is an award-winning technology firm that develops and leverages cutting-edge solutions to create a more secure, integrated, and automated digital environment for government, defense, and commercial clients worldwide. Our innovative solutions transform complex cybersecurity and technology challenges into strategic advantages by delivering mission-critical capabilities that safeguard and optimize clients’ digital infrastructure. One example of this is our popular “CISO-as-a-Service” offering that enables organizations of any size to access executive-level cybersecurity expertise at a fraction of the cost of hiring internally.

Netizen also operates a state-of-the-art 24x7x365 Security Operations Center (SOC) that delivers comprehensive cybersecurity monitoring solutions for defense, government, and commercial clients. Our service portfolio includes cybersecurity assessments and advisory, hosted SIEM and EDR/XDR solutions, software assurance, penetration testing, cybersecurity engineering, and compliance audit support. We specialize in serving organizations that operate within some of the world’s most highly sensitive and tightly regulated environments where unwavering security, strict compliance, technical excellence, and operational maturity are non-negotiable requirements. Our proven track record in these domains positions us as the premier trusted partner for organizations where technology reliability and security cannot be compromised.

Netizen holds ISO 27001, ISO 9001, ISO 20000-1, and CMMI Level III SVC registrations demonstrating the maturity of our operations. We are a proud Service-Disabled Veteran-Owned Small Business (SDVOSB) certified by the U.S. Small Business Administration (SBA) that has been named multiple times to the Inc. 5000 and Vet 100 lists of the most successful and fastest-growing private companies in the nation. Netizen has also been named a national “Best Workplace” by Inc. Magazine, a multiple awardee of the U.S. Department of Labor HIRE Vets Platinum Medallion for veteran hiring and retention, the Lehigh Valley Business of the Year and Veteran-Owned Business of the Year, and the recipient of dozens of other awards and accolades for innovation, community support, working environment, and growth.

Looking for expert guidance to secure, automate, and streamline your IT infrastructure and operations? Start the conversation today.