Last week I wrote about Oracle’s recent critical vulnerability exploit (CVE-2025-61882). It appears the database software company isn’t done having trouble: another authentication vulnerability has been discovered (CVE-2025-61884). Affecting the same versions as its predecessor, 61884 allows remote access across a network without the need for a username and password. Currently, only those product versions covered by Premier Support or Extended Support are being offered the patch, with Oracle recommending clients upgrade to this level of support policy to ensure they can get it. Those without this coverage are being recommended to block all non-essential outbound traffic from EBS servers to the internet, according to Google researchers.
Leaving aside that frankly unhinged response – who is conducting e-business where they can afford to cut off servers from the internet? – this is the second emergency patch for Oracle in two weeks. In related versions, with a pair of vulnerabilities that each can be exploited remotely for unauthorized access to data. 61882 has already been exploited by a Cl0p ransomware campaign, and while there are no reports of 61884 being exploited in the wild, I wouldn’t be surprised if we hear of some soon. It’s a slightly less severe flaw than 61882, but could provide reconnaissance data, something that today’s threat actors use to link attack campaigns together, like the recent uptick in Latrodectus being used alongside its presumed ‘sibling’ and successor YiBackdoor.
Just as enterprise resource planning (ERP) is becoming more sophisticated and common, so too are the targeted attacks against it. I’ve written before about the supply chain of access creating corresponding weaknesses within a network. The more people who have it, the more likely it is to be victimized. Sometimes a single vulnerability is all it takes, like the Discord/Zendesk breach.
But what I’m seeing in these issues is an oversight problem. One would think that something as vital as authenticated access would be a prioritized area for quality control testing. It’s obvious to me. A contractor would not say a house they’re building is complete if there are gaping holes in the walls. So why are we seeing so many reports of these types of vulnerabilities? 4 of my last 7 posts have been about this topic, not counting this one.
My boss and I have a long standing joke between us that my early training was not a programming class. Of course, it did have some aspects of it, otherwise how would I know how to read the logs I analyze? But that’s rather the point of the joke. Programming and coding have become easier to accomplish regardless of technical ability or comprehension. But easier does not translate to better, nor do training models translate to thorough editing. I hope the right people in the right places are paying attention. The real critical vulnerability here is lack of proper QC.
Posted on LinkedIn 10/14/25