Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets

Ravie Lakshmanan, The Hacker News
October 20, 2025
Threat Intelligence / Data Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming that a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.

The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator that could allow attackers unauthorized access to critical data.

“This vulnerability is remotely exploitable without authentication,” CISA said.


CVE-2025-61884 is the second Oracle EBS flaw to be actively exploited, after CVE-2025-61882 (CVSS score: 9.8), a critical bug that could permit unauthenticated attackers to execute arbitrary code on susceptible instances.

Earlier this month, Google Threat Intelligence Group (GTIG) and Mandiant revealed dozens of organizations may have been impacted following the exploitation of CVE-2025-61882.

“At this time, we are not able to attribute any specific exploitation activity to a specific actor, but it’s likely that at least some of the exploitation activity we observed was conducted by actors now conducting Cl0p-branded extortion operations,” Zander Work, senior security engineer at GTIG, told The Hacker News last week.

Also added by CISA to the KEV catalog are four other vulnerabilities:

  • CVE-2025-33073 (CVSS score: 8.8) – An improper access control vulnerability in Microsoft Windows SMB Client that could allow for privilege escalation (Fixed by Microsoft in June 2025)
  • CVE-2025-2746 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling of empty SHA1 usernames in digest authentication (Fixed in Kentico in March 2025)
  • CVE-2025-2747 (CVSS score: 9.8) – An authentication bypass using an alternate path or channel vulnerability in Kentico Xperience CMS that could allow an attacker to control administrative objects by taking advantage of the Staging Sync Server password handling for the server defined None type (Fixed in Kentico in March 2025)
  • CVE-2022-48503 (CVSS score: 8.8) – An improper validation of array index vulnerability in Apple’s JavaScriptCore component that could result in arbitrary code execution when processing web content (Fixed by Apple in July 2022)

There are currently no details on how the aforementioned four issues are being exploited in the wild, although technical details about CVE-2025-33073 were shared by researchers from Synacktiv, and details about CVE-2025-2746 and CVE-2025-2747 by watchTowr Labs.

Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by November 10, 2025, to secure their networks against active threats.
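One way a defender can turn a KEV addition like this one into a remediation queue, as an added example that is not part of the article: index a KEV feed by CVE ID, join it against a vulnerability-scan inventory, and rank findings by days left until the BOD 22-01 due date (negative means overdue). The feed excerpt and the host inventory below are constructed for illustration (the field names follow CISA's published JSON feed, but the entries are hand-built from the article, not copied from the catalog).

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. Field names match the
# real feed; values are taken from the article above, not from the catalog itself.
KEV_SAMPLE = json.dumps({
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-61884", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10"},
        {"cveID": "CVE-2025-33073", "vendorProject": "Microsoft", "product": "Windows SMB Client",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10"},
        {"cveID": "CVE-2022-48503", "vendorProject": "Apple", "product": "JavaScriptCore",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10"},
    ],
})

# Constructed (hypothetical) scan output: hostname -> CVE IDs a scanner reported.
INVENTORY = {
    "ebs-app-01": ["CVE-2025-61884"],
    "win-fs-07": ["CVE-2025-33073", "CVE-2024-99999"],  # second ID is a placeholder, not in KEV
    "mac-dev-03": ["CVE-2022-48503"],
}


def load_kev(raw: str) -> dict:
    """Index the KEV feed by CVE ID so inventory lookups are O(1)."""
    return {v["cveID"]: v for v in json.loads(raw)["vulnerabilities"]}


def kev_exposure(inventory: dict, kev: dict, today_iso: str) -> list:
    """Return (host, cve, days_until_due) for each inventory finding present in KEV,
    most urgent first. A negative day count means the due date has already passed."""
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:          # not in KEV: tracked elsewhere, not in this queue
                continue
            due = date.fromisoformat(entry["dueDate"])
            rows.append((host, cve, (due - today).days))
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    for host, cve, days in kev_exposure(INVENTORY, load_kev(KEV_SAMPLE), "2025-10-20"):
        print(f"{host:12} {cve:16} due in {days:>4} days")
```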
