National Cyber Emergency Response Team has issued an urgent advisory alerting government departments, military institutions, and organizations managing critical infrastructure about a severe security flaw in Oracle E-Business Suite. This vulnerability allows attackers to gain complete control of affected systems without requiring passwords, posing a significant risk to sensitive data and operational continuity. National CERT stated that the flaw is currently being exploited to execute high-level commands on unpatched systems, leading to unauthorized access, potential data theft, and extortion attempts targeting both government and enterprise networks. Officials emphasized that any compromise of Oracle EBS, which handles finance, HR, and supply chain operations, could result in extensive operational and reputational consequences.
The vulnerability, tracked as CVE-2025-61882, carries a critical severity score of 9.8. Exploitation does not require user interaction or special permissions and can be executed over standard web traffic such as HTTP or HTTPS. Systems exposed to the internet or lacking proper network segmentation are particularly at risk. National CERT highlighted that unpatched Oracle EBS installations remain highly vulnerable, and attackers are actively leveraging this weakness to gain administrative access and manipulate core processes. Departments using shared or hybrid infrastructure are at additional risk due to increased exposure to external networks.
To address the threat, National CERT has outlined immediate protective measures for organizations with Oracle EBS systems. Entities are advised to install Oracle’s latest security updates promptly, restrict access to management interfaces, and deploy firewalls or secure gateways to reduce exposure. Continuous monitoring of system logs, unusual data transfers, and attempts to bypass authentication is strongly recommended. Organizations are also urged to enforce multi-factor authentication for privileged accounts and update passwords regularly. Maintaining updated offline backups of EBS databases and activating incident response plans in case of suspected breaches are additional steps recommended to mitigate the impact of potential attacks.
National CERT has called on all government departments, military institutions, and affiliated organizations to widely circulate the advisory and implement the recommended security practices without delay. The advisory stresses the importance of integrating this vulnerability into ongoing risk management processes and continuously monitoring systems for malicious activity. Delays in applying patches or strengthening security measures could result in operational outages, ransom demands, legal repercussions, and lasting harm to essential government functions. Stakeholders have been urged to prioritize protection of Oracle EBS systems and maintain vigilance to safeguard sensitive data and critical services.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
