Oracle Quarterly Critical Patches

Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.

Threat Intelligence

Watchtowr reports CVE-2025-61882 and CVE-2025-61884 were exploited in the recent wave of Cl0p data theft attacks and subsequent extortion campaign.

Systems Affected

Risk

Government: – Large and medium government entities: High – Small government entities: High

Businesses: – Large and medium business entities: High – Small business entities: High

Home Users: Low

Recommendations

Apply appropriate patches or appropriate mitigations provided by Oracle to vulnerable systems immediately after appropriate testing. Use vulnerability scanning to find potentially exploitable software vulnerabilities to remediate them. Apply the Principle of Least Privilege to all systems and services and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack. Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources. Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems, which could include suspicious process, file, API call, etc. behavior. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.

References

Oracle: https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/alert-cve-2025-61882.html https://www.oracle.com/security-alerts/alert-cve-2025-61884.html