Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown, as the scripts have been leaked on Telegram. CVE-2025-61882 exploit scripts analyzed “What we have observed is that CVE-2025-61882 (…) is not ‘just’ one vulnerability. It is a poetic flow of numerous small/medium weaknesses,” watchTowr researchers Sina Kheirkhah and … More
The post Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) appeared first on Help Net Security.
