DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day
SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

Update: 2025-10-06
Share

Description



Oracle E-Business Suite 0-Day CVE-2025-61882

Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability.

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Zimbra Exploit Analysis

An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems.

https://strikeready.com/blog/0day-ics-attack-in-the-wild/

Unity Editor Vulnerability CVE-2025-59489

The Unity game editor suffered from a code execution vulnerablity that would also expose software developed with vulnerable versions

https://unity.com/security/sept-2025-01
Comments 
In Channel
loading
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

Dr. Johannes B. Ullrich