“Again-to-back zero-days in Oracle EBS spotlight how menace actors are more and more focusing on high-value enterprise functions that underpin monetary and operational workflows,” stated Sakshi Grover, senior analysis supervisor for cybersecurity providers at IDC Asia/Pacific. “These methods are deeply built-in, custom-made, and tough to patch rapidly, making them enticing targets for exploitation.”
Sunil Varkey, advisor at Beagle Safety, argued that the security trade’s historic blind spot round ERP methods has created right now’s disaster. “Previously, CISOs noticed ERP methods as another person’s drawback, protected by the perimeter, too dangerous to the touch, and too advanced to know,” Varkey stated. “ERP methods are now not remoted. They’re now linked to every part: cloud providers, provider portals, e-commerce platforms, and IoT sensors and web-facing elements. This has exploded their assault floor.”
The vulnerability impacts the identical model vary as CVE-2025-61882, and organizations working internet-exposed EBS cases face explicit threat. Safety researchers famous that data disclosure flaws, whereas much less extreme than distant code execution vulnerabilities, can present attackers with reconnaissance information wanted to chain a number of exploits collectively—a method subtle menace actors have demonstrated repeatedly.
