
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)

ID: cfc5d8e0-ae34-5473-98f9-7b1fb5491d8d

STIX ID: report--cfc5d8e0-ae34-5473-98f9-7b1fb5491d8d

Feed Name: Crowdstrike Blog

Threat Score: 90/100

Date Published: 2025-10-06

Date Updated: 2026-04-27

Author: Counter Adversary Operations


CrowdStrike reports a mass-exploitation campaign leveraging a novel Oracle E-Business Suite zero-day (CVE-2025-61882) that enables unauthenticated RCE and has been used for data exfiltration. The report details the exploitation vectors (an authentication bypass to /OA_HTML/SyncServlet and a malicious XSLT template upload via XML Publisher), includes IOCs and a published PoC, and attributes the activity with moderate confidence to GRACEFUL SPIDER. It warns that the PoC release will likely spur further weaponization.
