🔴 HIGH alert

Five New Exploited Bugs Land in CISA's Catalog - Oracle and Microsoft Among Targets

CISA added five security flaws to the Known Exploited Vulnerabilities (KEV) catalog, confirming real‑world exploitation. Highlights include Oracle E‑Business Suite SSRF (CVE-2025-61884) and RCE (CVE-2025-61882), plus Microsoft Windows SMB Client privilege escalation (CVE-2025-33073) and two Kentico Xperience authentication bypass bugs (CVE-2025-2746/2747). Agencies must remediate by Nov 10, 2025.

🎯 CORTEX Protocol Intelligence Assessment

Business Impact: KEV inclusion signals active exploitation; delayed patching increases breach risk.

Technical Context: Mix of unauthenticated RCE/SSRF and auth bypasses creates broad attack surface across ERP, CMS, and Windows clients.

Strategic Intelligence Guidance

  • Prioritize KEV-listed CVEs in patch SLAs and track exceptions.
  • Harden internet-facing Oracle EBS and CMS deployments.
  • Hunt for exploitation artifacts via web and auth logs.
  • Validate compensating controls where patching lags.
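The first guidance point, tracking KEV-listed CVEs against patch SLAs and recording exceptions, can be automated from CISA's machine-readable feed. The script below is an added example and not part of this alert or of any vendor tooling. It triages a sample in the shape of the KEV JSON feed against an asset inventory and an exception register: only the five CVE IDs, their vendors, products and the 2025-11-10 due date come from the alert, while the dateAdded values, the exact product strings, the knownRansomwareCampaignUse values, the asset names and the exception entry are constructed assumptions.

```python
"""Triage KEV-listed CVEs against an asset inventory and a patch-exception register.

Added example, not from the alert. KEV_SAMPLE mimics the "vulnerabilities" array
of CISA's public KEV JSON feed; dateAdded, product strings and ransomware flags
below are assumptions. In production, load the real feed instead of KEV_SAMPLE.
"""
from datetime import date

# Constructed sample feed (field names follow the public KEV schema).
KEV_SAMPLE = {
    "vulnerabilities": [
        {"cveID": "CVE-2025-61884", "vendorProject": "Oracle", "product": "E-Business Suite",
         "vulnerabilityName": "Oracle E-Business Suite SSRF", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-61882", "vendorProject": "Oracle", "product": "E-Business Suite",
         "vulnerabilityName": "Oracle E-Business Suite RCE", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-33073", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Windows SMB Client privilege escalation", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2746", "vendorProject": "Kentico", "product": "Xperience",
         "vulnerabilityName": "Kentico Xperience authentication bypass", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-2747", "vendorProject": "Kentico", "product": "Xperience",
         "vulnerabilityName": "Kentico Xperience authentication bypass", "dateAdded": "2025-10-20",
         "dueDate": "2025-11-10", "knownRansomwareCampaignUse": "Unknown"},
    ]
}

# Constructed asset inventory (hypothetical hostnames); one asset matches nothing in KEV.
INVENTORY = [
    {"asset": "ebs-prod-01", "vendor": "Oracle", "product": "E-Business Suite", "internet_facing": True},
    {"asset": "cms-web-02", "vendor": "Kentico", "product": "Xperience", "internet_facing": True},
    {"asset": "wks-finance-17", "vendor": "Microsoft", "product": "Windows", "internet_facing": False},
    {"asset": "db-core-03", "vendor": "PostgreSQL", "product": "PostgreSQL", "internet_facing": False},
]

# Constructed exception register keyed by (asset, CVE); every exception carries an expiry.
EXCEPTIONS = {
    ("wks-finance-17", "CVE-2025-33073"): {
        "justification": "outbound SMB blocked at host firewall until image refresh",
        "expires": date(2025, 11, 30),
    },
}


def _matches(asset, vuln):
    """Exact, case-insensitive vendor+product match; tighten to versions if the CMDB has them."""
    return (asset["vendor"].lower() == vuln["vendorProject"].lower()
            and asset["product"].lower() == vuln["product"].lower())


def prioritize(feed, inventory, exceptions, today):
    """Return one finding per (asset, CVE) pair, ordered by remediation urgency.

    Order: active exceptions last; then earliest KEV due date (overdue first);
    then internet-facing assets; then entries CISA marks as used in ransomware.
    """
    findings = []
    for vuln in feed["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            if not _matches(asset, vuln):
                continue
            days_left = (due - today).days
            exc = exceptions.get((asset["asset"], vuln["cveID"]))
            if exc and exc["expires"] >= today:
                status = "exception"           # accepted risk, still tracked
            elif exc:
                status = "exception_expired"   # exception lapsed: back in the queue
            elif days_left < 0:
                status = "overdue"             # past the KEV due date
            else:
                status = "open"
            findings.append({
                "asset": asset["asset"], "cve": vuln["cveID"], "name": vuln["vulnerabilityName"],
                "due": due, "days_left": days_left, "internet_facing": asset["internet_facing"],
                "ransomware": vuln["knownRansomwareCampaignUse"] == "Known", "status": status,
                "justification": exc["justification"] if exc else None,
            })
    findings.sort(key=lambda f: (f["status"] == "exception", f["days_left"],
                                 not f["internet_facing"], not f["ransomware"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in prioritize(KEV_SAMPLE, INVENTORY, EXCEPTIONS, date(2025, 11, 5)):
        print(f"{f['status']:<18} {f['days_left']:>4}d  {f['asset']:<16} {f['cve']:<16} {f['name']}")
```

Running this on 2025-11-05 lists the four internet-facing findings first with five days left, the Windows client entry last under its active exception; rerunning after 2025-11-30 moves that entry back into the open queue as an expired exception, which is the point of giving every exception an end date.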

CVEs

CVE-2025-61884, CVE-2025-61882, CVE-2025-33073, CVE-2025-2746, CVE-2025-2747

Vendors

Oracle, Microsoft, Kentico

Threats

Active exploitation

Targets

ERP, CMS, Windows