The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified five new security vulnerabilities and added them to its Known Exploited Vulnerabilities (KEV) Catalog. This update includes a recently exposed vulnerability in Oracle E-Business Suite (EBS), labeled CVE-2025-61884, which has been confirmed to be actively exploited in real-world attacks. This vulnerability has a CVSS score of 7.5 and is classified as a server-side request forgery (SSRF) flaw within the Oracle Configurator’s Runtime component, allowing unauthorized access to sensitive data without requiring authentication.
Alongside CVE-2025-61884, CISA highlighted another critical vulnerability, CVE-2025-61882, which has an even higher CVSS score of 9.8. This flaw enables unauthenticated attackers to execute arbitrary code on vulnerable systems. Google’s Threat Intelligence Group and Mandiant recently reported that many organizations may have been compromised through the exploitation of this particular vulnerability.
In addition to the Oracle vulnerabilities, CISA’s latest catalog update includes four other critical issues:
- CVE-2025-33073 – A privilege escalation vulnerability in the Microsoft Windows SMB Client with a CVSS score of 8.8. This was addressed by Microsoft in June 2025.
- CVE-2025-2746 and CVE-2025-2747 – Both are authentication bypass vulnerabilities in Kentico Xperience CMS, each with a CVSS score of 9.8. They allow attackers to control administrative objects by exploiting flawed password handling mechanisms. Both issues were resolved by Kentico in March 2025.
- CVE-2022-48503 – An improper validation of array indexes in Apple’s JavaScriptCore component, which could lead to arbitrary code execution. This flaw was fixed in July 2022 and carries a CVSS score of 8.8.
CISA has not yet disclosed how the vulnerabilities other than the Oracle ones are being exploited in practice. Federal Civilian Executive Branch (FCEB) agencies have until November 10, 2025, to remediate these vulnerabilities and protect their networks against active threats.