The National Cyber Emergency Response Team (National CERT) has issued a high-alert advisory to government agencies, military institutions, and critical infrastructure operators regarding a severe vulnerability in Oracle E-Business Suite (EBS). This flaw, identified as CVE-2025-61882, has a critical severity rating of 9.8 and allows attackers to take complete control of affected systems without any password, exposing organizations to major operational, financial, and reputational risks.
Hackers are actively exploiting this vulnerability to execute high-level commands on unpatched Oracle EBS systems. These attacks can result in unauthorized access, data theft, extortion, and disruption of essential functions such as finance, human resources, procurement, and supply chain management. Because the vulnerability can be triggered remotely over standard HTTP or HTTPS traffic, any EBS instance connected to the internet or insufficiently segmented from public networks is highly at risk. Systems that have not applied Oracle’s latest security updates are particularly vulnerable.
National CERT highlighted that all unpatched systems should be treated as exposed, especially those accessible from untrusted networks or lacking multi-factor authentication for administrative accounts. Government and military systems running on shared or hybrid infrastructures face additional risk due to wider exposure.
To mitigate this critical threat, organizations are advised to immediately apply Oracle’s latest security patches and ensure EBS systems are placed behind secure firewalls or gateways. Public access to management interfaces should be blocked, and logging, unusual data transfers, and signs of authentication bypass attempts should be closely monitored. Enabling multi-factor authentication, restricting administrator access, and segmenting networks are essential steps to reduce the risk of compromise. Failure to address this vulnerability could result in severe operational disruptions, data breaches, and potential financial and reputational damage.
Organizations are urged to treat this as a top priority and implement the recommended security measures without delay to prevent potential exploitation.
