Concise Cyber

CISA Adds 5 Exploited Bugs to KEV Catalog, Confirms Oracle EBS Attacks

CISA Confirms Active Exploitation of New Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five security flaws that are under active attack. The update, issued on Monday, officially confirms that a recently disclosed vulnerability in Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. This action mandates that Federal Civilian Executive Branch agencies patch these vulnerabilities to protect their networks against ongoing threats.

Among the newly listed flaws are vulnerabilities impacting major vendors, including Oracle and Microsoft. CISA’s additions underscore the persistent targeting of widely used enterprise software by malicious actors. The inclusion in the KEV catalog serves as a critical alert for all organizations to prioritize remediation efforts for these specific security defects.

Oracle E-Business Suite Flaws Detailed

A significant vulnerability added is CVE-2025-61884, which affects the Oracle Configurator component of EBS. This flaw has a CVSS score of 7.5 and has been described as a server-side request forgery (SSRF) vulnerability. According to CISA, “This vulnerability is remotely exploitable without authentication.” The agency’s confirmation means attackers are actively using it to gain unauthorized access to critical data.

CVE-2025-61884 is now the second flaw in Oracle EBS known to be actively exploited. It joins CVE-2025-61882, a critical bug with a CVSS score of 9.8 that could permit unauthenticated attackers to execute arbitrary code on vulnerable systems. Earlier reports from Google Threat Intelligence Group (GTIG) and Mandiant had revealed that dozens of organizations may have been compromised through these Oracle vulnerabilities.
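The practical consequence of a KEV listing is a remediation deadline: each catalog entry carries a `dueDate`, and defenders typically cross-reference the feed against their own asset inventory to see which exposed CVEs are already past due. The script below is an added example, not code from Concise Cyber or from CISA. It assumes the field names of CISA's public KEV JSON feed (`vulnerabilities`, `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`); the embedded catalog snapshot, inventory, and all dates are constructed placeholders using the two Oracle EBS CVE IDs named above, not the real catalog values.

```python
"""Triage an asset inventory against a CISA KEV catalog snapshot.

Added example (not from the article). The feed shape mirrors CISA's public
JSON (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
every value below is constructed for the demo, including the due dates.
"""
import json
from datetime import date

# Constructed KEV snapshot. CVE IDs are the Oracle EBS flaws named in the
# article; dates and other fields are placeholders, not the real entries.
KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {"cveID": "CVE-2025-61882", "vendorProject": "Oracle",
         "product": "E-Business Suite", "dateAdded": "2025-10-06",
         "dueDate": "2025-10-20"},
        {"cveID": "CVE-2025-61884", "vendorProject": "Oracle",
         "product": "E-Business Suite", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10"},
    ],
})

# Constructed inventory: each asset lists the CVEs a scanner reported for it.
# CVE-0000-00000 is a placeholder ID that is deliberately absent from the KEV feed.
INVENTORY = [
    {"host": "ebs-prod-01", "cves": ["CVE-2025-61882", "CVE-2025-61884"]},
    {"host": "ebs-test-02", "cves": ["CVE-2025-61884"]},
    {"host": "web-03", "cves": ["CVE-0000-00000"]},
]


def load_kev(kev_json: str) -> dict:
    """Index a KEV feed by CVE ID so each inventory lookup is a dict hit."""
    catalog = json.loads(kev_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def triage(kev_json: str, inventory: list, today_iso: str) -> list:
    """Return one finding per (host, CVE) pair that appears in the KEV catalog.

    Findings are ordered by days until the CISA due date, so overdue items
    (negative values) come first. CVEs not in the catalog are skipped here;
    they still need patching, but the KEV deadline does not apply to them.
    """
    kev = load_kev(kev_json)
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due.isoformat(),
                "days_to_due": (due - today).days,
                "overdue": today > due,
            })
    # sort() is stable, so equally urgent findings keep inventory order
    findings.sort(key=lambda f: f["days_to_due"])
    return findings


if __name__ == "__main__":
    for f in triage(KEV_SNAPSHOT, INVENTORY, "2025-10-27"):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_to_due']}d left"
        print(f'{f["host"]:12} {f["cve"]:16} {f["product"]:24} due {f["due"]}  {flag}')
```

Run it against the real feed by replacing `KEV_SNAPSHOT` with the downloaded JSON and `INVENTORY` with scanner output; the `days_to_due` field is what a ticketing integration would key on, and the placeholder CVE shows that anything absent from the catalog is filtered out rather than mis-prioritised.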