Skip to main content

Overview

Oracle has released an emergency advisory for a zero-day vulnerability in Oracle E-Business Suite (EBS), which is being actively exploited. This vulnerability has a critical severity level applied to it and action should be taken as soon as possible. An emergency patch has also been released for another high-severity vulnerability in the EBS. 

  • CVE-2025-61882: Remote code execution via unauthenticated HTTP request targeting BI Publisher Integration in Oracle Concurrent Processing (CVSSv4 9.8). Affects Oracle EBS versions 12.2.3 through 12.2.14. 
  • CVE-2025-61884: Unauthorised remote data access via unauthenticated HTTP request to compromise Oracle Configurator (CVSSv4 7.8) Affects Oracle EBS versions 12.2.3-12.2.14 

 

Redis has disclosed a critical vulnerability in its Lua scripting engine that could allow authenticated attackers to execute arbitrary code on the host system. 

  • CVE-2025-49844: Use-after-free vulnerability in Lua garbage collector (CVSSv4 10.0). Exploitation requires authenticated access and enables remote code execution. The flaw affects Redis OSS/CE versions prior to 8.2.2, 8.0.4, 7.4.6, and 7.2.11, and Redis Software versions prior to 7.22.2-12. Redis Cloud deployments are not affected. 

 

F5 has advised of a serious security breach in their systems. This breach involved a sophisticated attack, providing a nation state actor with long-term and persistent access to certain F5 systems.  

Following containment of internal systems, and in response to investigations into the breach, F5 have released a number of updates for their affected BIG-IP suite of products. Customers are advised to perform these updates as soon as possible and implement hardening techniques to detect and defend against potential threats. 

 

Recommended Action  

Organisations are encouraged to review the appropriate security advisory pages and apply the updates: 

Oracle – Security Alert  

Redis – Security Advisory  

F5 – Security Incident 

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form. 

 

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates