Cyber attackers are rapidly exploiting newly disclosed and zero-day vulnerabilities across enterprise systems, from business-critical ERP platforms to open-source infrastructure and global supply chains. This week’s top threats show how quickly exploitation can begin once details become public, impacting Oracle E-Business Suite, Redis servers, and corporate networks worldwide.
Oracle E-Business Suite Zero-Day Enables Full ERP Compromise
A newly discovered zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite (EBS) is being actively exploited in the wild, allowing remote code execution (RCE) through sandbox escape across critical ERP modules. The flaw, uncovered by cybersecurity researchers and tracked by vendors such as Tenable and CrowdStrike, chains together several bugs, including deserialization flaws, to grant attackers system-level access to sensitive financial, HR, and supply chain data.
This zero-day attack has been attributed to Clop-affiliated threat actors, who are using it to conduct large-scale data theft and extortion campaigns targeting enterprises and higher-education institutions. Oracle responded by issuing an emergency patch during its October 2025 Critical Patch Update cycle, while CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog.
Key Facts:
• Affects Oracle EBS versions 12.2.3–12.2.14
• Exploited in the wild since September 2025
• Enables remote code execution with minimal authentication requirements
Mitigation Guidance:
To reduce the impact of zero-day vulnerabilities like CVE-2025-61882, organizations should immediately apply Oracle’s Security Alert and related patches. Until full remediation is possible, restrict external access to Oracle EBS interfaces and configure Web Application Firewall (WAF) rules to block known malicious payloads.
Security teams should also enable continuous monitoring for signs of compromise, such as web shell activity, abnormal logins, or suspicious API requests targeting EBS endpoints. Additionally, segment ERP systems from less-trusted network zones and enforce role-based access controls (RBAC) to prevent lateral movement and privilege escalation.
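The monitoring points above (web shell activity, abnormal logins, suspicious API requests) can be turned into a first-pass detection job over ordinary web-server access logs. The script below is an added example written for this digest, not tooling from Oracle or RSI Security. It assumes combined-format access logs, placeholder application paths under /app/, a placeholder trusted network (10.0.0.0/8) for legitimate integration hosts, and a constructed set of log lines; thresholds are illustrative.

```python
"""Detection pass over web-server access logs for the indicators named above:
web shell activity, login bursts, and API calls from automation clients.

Added example; not Oracle's or RSI Security's tooling. Paths, IP ranges and
thresholds are placeholders, and every log line below is constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format (Apache/nginx style); fields we do not need are skipped.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
SCRIPT_EXT = (".jsp", ".jspx", ".php", ".aspx")          # server-side script types
AUTOMATED_UA = ("curl/", "python-requests/", "Go-http-client/")
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]       # placeholder: integration hosts


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%d/%b/%Y:%H:%M:%S %z")
    e["path"] = e["path"].split("?", 1)[0]               # drop the query string
    e["status"] = int(e["status"])
    return e


def build_baseline(lines):
    """Set of URL paths observed during a known-good period."""
    return {e["path"] for e in map(parse_line, lines) if e}


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def detect(lines, baseline, login_path="/app/login", api_prefix="/app/api/",
           fail_threshold=5, window=timedelta(minutes=5)):
    """Return (rule, source_ip, path) alerts, in log order."""
    alerts = []
    failures = defaultdict(list)                          # ip -> recent failure times
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        # Rule 1: a script file absent from the baseline is accepting POSTs and
        # answering 200: the access pattern of a dropped web shell.
        if (e["method"] == "POST" and e["status"] == 200
                and e["path"].endswith(SCRIPT_EXT) and e["path"] not in baseline):
            alerts.append(("possible_webshell", e["ip"], e["path"]))
        # Rule 2: fail_threshold failed logins from one source inside the window.
        if e["path"] == login_path and e["status"] in (401, 403):
            recent = [t for t in failures[e["ip"]] + [e["ts"]] if e["ts"] - t <= window]
            failures[e["ip"]] = recent
            if len(recent) == fail_threshold:
                alerts.append(("login_burst", e["ip"], login_path))
        # Rule 3: API endpoints driven by an automation client from an untrusted network.
        if (e["path"].startswith(api_prefix) and e["ua"].startswith(AUTOMATED_UA)
                and not is_trusted(e["ip"])):
            alerts.append(("suspicious_api_client", e["ip"], e["path"]))
    return alerts


# Constructed baseline traffic (known-good period) and a later suspicious batch.
BASELINE_LOG = [
    '10.1.2.3 - - [01/Oct/2025:08:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '10.1.2.3 - - [01/Oct/2025:08:00:05 +0000] "POST /app/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.9.9.9 - - [01/Oct/2025:08:01:00 +0000] "POST /app/api/orders HTTP/1.1" 200 300 "-" "python-requests/2.31"',
]
RECENT_LOG = [
    '203.0.113.9 - - [10/Oct/2025:09:15:00 +0000] "POST /app/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:09:15:30 +0000] "POST /app/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:09:16:00 +0000] "POST /app/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:09:16:30 +0000] "POST /app/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:09:17:00 +0000] "POST /app/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2025:09:18:00 +0000] "POST /app/static/img/cache.jsp HTTP/1.1" 200 88 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2025:09:20:00 +0000] "GET /app/api/orders?limit=500 HTTP/1.1" 200 9001 "-" "python-requests/2.31"',
    '10.9.9.9 - - [10/Oct/2025:09:21:00 +0000] "POST /app/api/orders HTTP/1.1" 200 300 "-" "python-requests/2.31"',
    '10.1.2.3 - - [10/Oct/2025:09:22:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for alert in detect(RECENT_LOG, build_baseline(BASELINE_LOG)):
        print(alert)
```

The baseline is what makes rule 1 useful: a script path that the application never served before and that suddenly starts accepting POSTs is worth a look regardless of its name. Rule 3 deliberately exempts the trusted integration network, since legitimate automation against the API is normal there; in a real deployment the allowlist and the path prefixes would come from the EBS inventory rather than from placeholders.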
For a deeper look at ERP security best practices, explore RSI Security’s related blog: Conducting a Data Breach Tabletop Exercise.
➜ Learn more: Oracle EBS Security Advisory
Redis Vulnerability Enables Remote Code Execution via Lua Sandbox Escape
A newly disclosed zero-day vulnerability (CVE-2025-49844) in Redis, one of the world’s most widely used in-memory databases, exposes millions of deployments to remote code execution (RCE). The flaw, a use-after-free bug in Redis’s Lua scripting engine, allows authenticated users to escape the Lua sandbox and execute arbitrary commands directly on the host system.
Security researchers report that many Redis servers remain publicly accessible online, with mass scanning and exploitation attempts beginning just days after disclosure. With a CVSS score of 9.9 (Critical), this Redis zero-day is among the most severe risks seen in recent years.
Key Facts:
• Affects Redis versions prior to 8.2.2
• Enables Lua sandbox escape → host code execution
• Confirmed active scanning and exploitation in the wild
Mitigation Guidance:
• Upgrade immediately to Redis 8.2.2 or later, following the Redis Security Advisory.
• For systems unable to patch promptly, disable risky commands (e.g., EVAL), enforce ACLs, and isolate Redis instances from the internet.
• Apply network segmentation and authentication controls (passwords or TLS) to prevent unauthorized access.
• Maintain continuous monitoring for unexpected script executions or outbound connections from Redis hosts.
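Each of the interim controls in the list above maps to a concrete redis.conf setting, so a configuration audit can tell you quickly which instances are still exposed while the upgrade to 8.2.2 is scheduled. The script below is an added example written for this digest, not tooling from the Redis project or the advisory. It assumes standard redis.conf directive syntax (bind, protected-mode, requirepass, tls-port, rename-command, and ACL user lines); the password and certificate paths are placeholders and the three sample configurations are constructed.

```python
"""Audit a redis.conf against the hardening points above: no internet exposure,
protected mode on, authentication required, TLS enabled, and Lua scripting
(EVAL/EVALSHA) unreachable for the default user.

Added example, not tooling from the Redis project or this advisory. Passwords
and file paths are placeholders; the sample configs are constructed.
"""

LISTEN_ALL = {"0.0.0.0", "*", "::"}      # bind values that expose every interface


def parse_redis_conf(text):
    """Return (directives, renamed_commands, acl_user_lines).

    Lines starting with '#' are comments. A repeated directive keeps its last
    value, except rename-command and user lines, which accumulate.
    """
    directives, renamed, acl_users = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "rename-command" and len(parts) >= 3:
            renamed[parts[1].upper()] = parts[2]
        elif key == "user":
            acl_users.append(parts[1:])
        else:
            directives[key] = parts[1:]
    return directives, renamed, acl_users


def audit_redis_conf(text):
    """Return (check, message) findings; an empty list means every check passed."""
    conf, renamed, acl_users = parse_redis_conf(text)
    findings = []

    # Isolation from the internet: bind to loopback or an internal address only.
    bind = conf.get("bind", [])
    if not bind:
        findings.append(("bind", "no bind directive: Redis listens on every interface"))
    elif any(addr.lstrip("-") in LISTEN_ALL for addr in bind):
        findings.append(("bind", "bound to all interfaces; restrict to loopback or an internal address"))

    if conf.get("protected-mode", ["yes"])[0].lower() != "yes":
        findings.append(("protected-mode", "protected-mode is off"))

    # Authentication: a global requirepass, or an ACL user with a password (>plain or #sha256).
    requirepass = conf.get("requirepass", [""])[0]
    acl_has_password = any(tok.startswith((">", "#")) for user in acl_users for tok in user)
    if requirepass in ("", '""', "''") and not acl_has_password:
        findings.append(("auth", "no requirepass and no ACL user carries a password"))

    if conf.get("tls-port", ["0"])[0] == "0":
        findings.append(("tls", "TLS listener not configured (tls-port missing or 0)"))

    # Scripting: either rename EVAL and EVALSHA away, or strip @scripting from the default user.
    eval_renamed_away = renamed.get("EVAL") == '""' and renamed.get("EVALSHA") == '""'
    default_no_scripting = any(
        user and user[0] == "default" and "-@scripting" in user for user in acl_users)
    if not (eval_renamed_away or default_no_scripting):
        findings.append(("scripting",
                         "EVAL/EVALSHA reachable by the default user; "
                         "add -@scripting to its ACL or rename both commands to \"\""))
    return findings


# Constructed sample configurations.
WEAK_CONF = """
# internet-facing instance with defaults left in place
bind 0.0.0.0
protected-mode no
port 6379
"""

PARTIAL_CONF = """
# reachable only locally and password-protected, but scripting still open
bind 127.0.0.1
requirepass CHANGE_ME_placeholder
"""

HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
port 0
tls-port 6379
tls-cert-file /etc/redis/placeholder.crt
tls-key-file /etc/redis/placeholder.key
tls-ca-cert-file /etc/redis/placeholder-ca.crt
user default on >CHANGE_ME_placeholder ~* &* +@all -@scripting
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("partial", PARTIAL_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf) or "OK")
```

The ACL route (-@scripting on the default user) is the more maintainable of the two scripting controls because it also covers SCRIPT and FUNCTION and can be relaxed per user for the few clients that genuinely need Lua; rename-command to an empty string removes the command for everyone. Either way, the audit is a stopgap that shows exposure, not a substitute for the 8.2.2 upgrade.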
➜ Learn more: Redis Release Notes
Ransomware Attack Disrupts Asahi Group Operations
Asahi Group Holdings, the global beverage manufacturer, announced a delay in releasing its financial results following a ransomware attack that crippled its operational and accounting systems. According to Reuters, the incident, linked to the Qilin ransomware group, began on September 29, 2025, forcing the company to halt shipments and delay disclosures across multiple regions.
The Qilin threat actors, known for double-extortion tactics, have reportedly posted samples of stolen Asahi data on their leak site. This incident underscores how ransomware groups are increasingly leveraging zero-day vulnerabilities and unpatched systems to target large enterprises in critical sectors, including food, beverage, and logistics.
Key Facts:
• Attack began September 29, 2025
• Caused financial reporting delays and IT outages
• Claimed by the Qilin ransomware group
Mitigation Guidance:
To strengthen defenses against ransomware and zero-day vulnerabilities, organizations should first validate supplier cybersecurity controls and confirm that business continuity plans include ransomware-specific recovery playbooks.
Regularly review and test offline backup and restoration procedures, ensuring backups are isolated from production networks. Deploy Endpoint Detection and Response (EDR) tools to monitor for lateral movement and privilege escalation, especially within operational technology (OT) environments.
For deeper insights, read RSI Security’s guide: How to Identify Signs of Ransomware Attacks.
➜ Read the full breach coverage: Reuters Report
What These Threats Reveal About the Modern Attack Surface
These recent high-severity incidents, including two zero-day vulnerabilities and a major ransomware breach, highlight the urgent need for proactive patch management, continuous monitoring, and layered defense strategies. Threat actors are shortening the time between vulnerability disclosure and active exploitation, often compromising unpatched systems within days.
Organizations must stay ahead of emerging threats by prioritizing zero-day vulnerability management and strengthening overall cyber resilience.
Contact RSI Security today to assess your exposure, enhance your patching processes, and stay ahead of the evolving threat landscape.