Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a
AI Analysis
Technical Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming active exploitation of at least two critical Oracle E-Business Suite (EBS) flaws. CVE-2025-61884, with a CVSS score of 7.5, is a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This flaw allows unauthenticated remote attackers to access sensitive internal data by manipulating server requests, potentially exposing critical business information. CVE-2025-61882, scoring 9.8, is a critical remote code execution vulnerability permitting unauthenticated attackers to execute arbitrary code on vulnerable Oracle EBS instances, posing a severe risk of full system compromise. Google Threat Intelligence Group and Mandiant have observed exploitation campaigns potentially linked to Cl0p ransomware operators. Additional vulnerabilities include CVE-2025-33073 (Windows SMB Client privilege escalation), CVE-2025-2746 and CVE-2025-2747 (authentication bypasses in Kentico Xperience CMS), and CVE-2022-48503 (arbitrary code execution in Apple’s JavaScriptCore). While exploitation details for some are limited, their presence in CISA’s KEV catalog indicates an active or imminent threat. Federal Civilian Executive Branch agencies must remediate these by November 10, 2025. The vulnerabilities affect widely used enterprise software and operating systems, emphasizing the need for rapid patching and monitoring to prevent data breaches, ransomware attacks, and system takeovers.
Potential Impact
European organizations using Oracle E-Business Suite, Microsoft Windows SMB Client, or Kentico Xperience CMS face significant risks from these vulnerabilities. Exploitation of Oracle EBS flaws could lead to unauthorized access to sensitive financial and operational data or full system compromise, impacting confidentiality, integrity, and availability of critical business processes. Given Oracle EBS’s widespread adoption in European enterprises and public sector entities, successful attacks could disrupt supply chains, financial operations, and regulatory compliance. The Microsoft SMB Client vulnerability could enable privilege escalation on Windows systems, facilitating lateral movement and persistence in corporate networks. Kentico CMS authentication bypasses threaten web infrastructure integrity, potentially allowing attackers to control administrative functions and deploy malicious content or ransomware. The association of some exploits with extortion groups like Cl0p raises the risk of ransomware incidents targeting European organizations. Overall, these vulnerabilities could cause data breaches, operational downtime, financial losses, reputational damage, and regulatory penalties under GDPR and other frameworks.
Mitigation Recommendations
European organizations should immediately identify and prioritize patching of affected Oracle EBS components, especially the Oracle Configurator Runtime component, applying vendor-supplied updates or mitigations. Network segmentation and strict access controls should limit exposure of Oracle EBS servers to untrusted networks. Deploy Web Application Firewalls (WAFs) with rules to detect and block SSRF attack patterns. For Microsoft Windows SMB Client, ensure all systems are updated with the June 2025 security patches and monitor for unusual privilege escalation attempts. Kentico Xperience CMS instances must be updated to the latest patched versions released in March 2025, and administrators should audit staging and synchronization configurations to prevent unauthorized access. Implement robust logging and alerting to detect exploitation attempts, including monitoring for indicators of compromise linked to Cl0p and other extortion groups. Conduct regular vulnerability scans and penetration tests focused on these components. Finally, enforce strict identity and access management policies, including multi-factor authentication and least privilege principles, to reduce the attack surface and limit impact.
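The technical summary and the mitigation recommendations above both come down to the same first step for a defender: knowing which KEV entries touch your own estate and how much time is left before the remediation due date. The script below is an added example, not code from the article or from CISA. It uses the field names of CISA's public KEV JSON feed (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse); the five CVE IDs, their products and the 2025-11-10 due date are taken from the advisory, while the dateAdded values, the "Unknown" ransomware flags, the matching rule and the asset inventory hostnames are constructed for illustration.

```python
"""KEV triage helper: match CISA KEV catalog entries against an asset inventory.

Added example, not code from the article or from CISA. Field names follow
CISA's public KEV JSON feed; the CVE IDs, products and the 2025-11-10 due date
come from the advisory. The dateAdded values, ransomware flags and inventory
hostnames below are constructed sample data.
"""
import json
from datetime import date

# Constructed sample feed in the KEV JSON layout (the five entries from the advisory).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-61884", "vendorProject": "Oracle", "product": "E-Business Suite",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-33073", "vendorProject": "Microsoft", "product": "Windows",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2746", "vendorProject": "Kentico", "product": "Xperience",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2747", "vendorProject": "Kentico", "product": "Xperience",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-48503", "vendorProject": "Apple", "product": "Multiple Products",
         "dateAdded": "2025-10-20", "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed asset inventory: hostname plus the vendor/product a CMDB would record.
SAMPLE_INVENTORY = [
    {"host": "ebs-prod-01", "vendor": "Oracle", "product": "E-Business Suite"},
    {"host": "ebs-prod-02", "vendor": "Oracle", "product": "E-Business Suite"},
    {"host": "cms-web-01", "vendor": "Kentico", "product": "Xperience"},
    {"host": "ws-finance-17", "vendor": "Microsoft", "product": "Windows"},
    {"host": "build-01", "vendor": "Canonical", "product": "Ubuntu"},
]


def load_entries(feed_json: str) -> list:
    """Parse the KEV feed JSON and return its list of vulnerability entries."""
    return json.loads(feed_json)["vulnerabilities"]


def asset_matches(entry: dict, asset: dict) -> bool:
    """Match an inventory asset to a KEV entry by vendor and product name.

    Vendor must match exactly (case-insensitive). The asset's product name is
    matched as a substring of the KEV product field because KEV product names
    are often broader than what an inventory records. This rule is a constructed
    heuristic; a real deployment should match on CPE or package versions.
    """
    return (entry["vendorProject"].casefold() == asset["vendor"].casefold()
            and asset["product"].casefold() in entry["product"].casefold())


def triage(entries: list, inventory: list, today: str) -> list:
    """Return KEV entries that hit at least one asset, most urgent first.

    `today` is an ISO date string. Ordering: overdue entries first, then fewest
    days left, then entries flagged for known ransomware use, then the number of
    affected hosts (descending), then CVE ID for a stable result.
    """
    today_d = date.fromisoformat(today)
    findings = []
    for entry in entries:
        hosts = sorted(a["host"] for a in inventory if asset_matches(entry, a))
        if not hosts:
            continue  # nothing in the estate runs this product; no action item
        due = date.fromisoformat(entry["dueDate"])
        findings.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "hosts": hosts,
            "due": entry["dueDate"],
            "days_left": (due - today_d).days,
            "overdue": today_d > due,
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown") == "Known",
        })
    findings.sort(key=lambda f: (not f["overdue"], f["days_left"], not f["ransomware"],
                                 -len(f["hosts"]), f["cve"]))
    return findings


def render_report(findings: list) -> str:
    """Format triage findings as one line per CVE for a ticket or chat message."""
    lines = []
    for f in findings:
        status = (f"OVERDUE by {-f['days_left']} d" if f["overdue"]
                  else f"due in {f['days_left']} d")
        lines.append(f"{f['cve']:<16} {f['product']:<26} {status:<16} "
                     f"hosts: {', '.join(f['hosts'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    entries = load_entries(SAMPLE_KEV_JSON)
    print(render_report(triage(entries, SAMPLE_INVENTORY, date.today().isoformat())))
```

Against the constructed inventory the Apple entry produces no finding because no asset records an Apple product, the two Oracle EBS hosts put CVE-2025-61884 at the top of the list, and running the same triage with a date after 2025-11-10 flips every remaining entry to overdue. Swapping `SAMPLE_KEV_JSON` for the downloaded feed and `SAMPLE_INVENTORY` for a CMDB export is the only change needed to run this against a real estate.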
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden, Poland, Ireland
Technical Details
- Article source: https://thehackernews.com/2025/10/five-new-exploited-bugs-land-in-cisas.html (fetched 2025-10-21T01:04:31Z, 1017 words)
Threat ID: 68f6dc22b870ea37e2ab86ef
Added to database: 10/21/2025, 1:04:34 AM
Last enriched: 10/21/2025, 1:04:52 AM
Last updated: 10/23/2025, 6:23:39 PM