Oracle EBS Zero-Day Vulnerabilities: What You Need to Know About Recent CVEs

Oracle disclosed two critical vulnerabilities in September 2025, CVE-2025-61882 and CVE-2025-61884, affecting Oracle E-Business Suite (EBS). These vulnerabilities have been actively exploited in the wild, impacting organizations such as Harvard University and American Airlines’ subsidiary, Envoy Air.

CVE-2025-61882 may impact BI/Analytics Publisher functionality.
CVE-2025-61884 can be mitigated further by disabling Oracle Configurator if unused.

Mitigation:
Refer to MOS documents 3106344.1 and 3107176.1 for detailed patching and mitigation steps.

Risk Assessment:
While both vulnerabilities are critical, environments not exposed externally have a reduced immediate risk. Nevertheless, the recent breaches highlight the importance of timely patching and vigilant monitoring.

Threat Actor:
The Cl0p ransomware group has claimed responsibility for exploiting these vulnerabilities, leading to data breaches at several organizations. For instance, over 1.3 TB of data allegedly stolen from Harvard was posted on the Cl0p data leak website.

Summary of the Oracle EBS patches and mitigations for CVE-2025-61882 and CVE-2025-61884.


CVE-2025-61882 – Oracle EBS
Affected Releases: 12.1.3, 12.2

Release 12.2:

  • Apply Patch 38501230:R12.TXK.C and Patch 38501349:R12.CAC.C (hotpatch mode).
  • Stop and restart Oracle EBS.
  • Apply Patch 38501757:R12.XDO.C (hotpatch mode).
  • If ojspCompile.pl errors occur, apply Patch 38502365:R12.TXK.C (hotpatch mode).

Release 12.1.3:

  • Apply Patch 38501376:R12.TXK.B and Patch 38501349:R12.CAC.B (hotpatch mode).
  • Stop and restart Oracle EBS.
  • Apply Patch 38501757:R12.XDO.B (hotpatch mode).

Note: BI/Analytics Publisher functionality (create, copy, preview templates) will be impacted.

Workaround: Use “Moving Templates and Data Definitions Between E-Business Suite Instances” in the Oracle XML Publisher guide. https://docs.oracle.com/cd/B34956_01/current/acrobat/120xdoig.pdf

CVE-2025-61884 – Oracle EBS
Affected Releases: 12.1.3, 12.2

Release 12.2:

  • Apply Patch 38512809:R12.CZ.C and Patch 37614922:R12.IES.C.

Release 12.1.3:

  • Apply Patch 38512809:R12.CZ.B and Patch 37614922:R12.IES.B.

Optional Mitigation:

Disable Oracle Configurator if not in use:

Perform the following steps using the Functional Administrator responsibility:

  1. Go to the Management by Product Hierarchy tab.
  2. In the left panel under the Order Management & Logistics product family, click Configurator.
  3. In the right panel under the Details region, deselect the Enable checkbox.
  4. Click Apply.
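
To confirm that the patches listed above for both CVEs are recorded on an instance, the query below checks each patch number against AD_BUGS for the release the instance reports. This is an added example, not Oracle's or the original post's code; it assumes a read-only session as APPS and uses only the standard EBS tables AD_BUGS and FND_PRODUCT_GROUPS, with patch numbers copied from this page.

```sql
-- Added example: patch-level check for CVE-2025-61882 and CVE-2025-61884.
-- Patch numbers come from the lists above; nothing here modifies data.
WITH required AS (
  -- conditional = 'Y' marks the patch that is needed only if ojspCompile.pl errors occur
  SELECT 'CVE-2025-61882' AS cve, '12.2' AS rel, '38501230' AS bug_number,
         'N' AS conditional FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.2',   '38501349', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.2',   '38501757', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.2',   '38502365', 'Y' FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.1.3', '38501376', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.1.3', '38501349', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61882', '12.1.3', '38501757', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61884', '12.2',   '38512809', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61884', '12.2',   '37614922', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61884', '12.1.3', '38512809', 'N' FROM dual UNION ALL
  SELECT 'CVE-2025-61884', '12.1.3', '37614922', 'N' FROM dual
)
SELECT r.cve,
       g.release_name,
       r.bug_number,
       CASE
         WHEN COUNT(b.bug_number) > 0 THEN 'APPLIED'
         WHEN r.conditional = 'Y'     THEN 'NOT APPLIED (conditional patch)'
         ELSE 'MISSING'
       END                  AS status,
       MIN(b.creation_date) AS first_recorded
FROM   required r
       -- keep only the rows for the release this instance reports
       JOIN fnd_product_groups g
         ON g.release_name LIKE r.rel || '%'
       -- AD_BUGS.BUG_NUMBER is a character column, so compare as strings
       LEFT JOIN ad_bugs b
         ON b.bug_number = r.bug_number
GROUP  BY r.cve, g.release_name, r.bug_number, r.conditional
ORDER  BY r.cve, r.bug_number;
```

A row in AD_BUGS shows that the patch was recorded by the patching tool; it does not show that the stop/restart step between patches was carried out, so treat this as a completeness check alongside the MOS documents.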

Oracle Autonomous Database Updated to 26AI

We recently noticed that our Autonomous Database, previously on Oracle Database 23AI, has been updated to Oracle Database 26AI. There was no prior announcement or notification regarding this change.

After reviewing Oracle’s documentation, it appears that 26AI is an incremental update rather than a major version upgrade. Unlike traditional releases, this version adds new AI capabilities on top of Oracle Database 23AI without altering the internal architecture or existing APIs.

As a result, there is no need for application re-certification or complex upgrade steps—the transition is seamless.

Update path summary:

  • Oracle Database 19c → 26AI (requires full upgrade)
  • Oracle Database 21c → 26AI (requires full upgrade)
  • Oracle Database 23AI → 26AI (applies October Release Update)

Essentially, for customers already on Oracle Database 23ai, the transition to 26ai is simple: just apply the October 2025 release update. No major architecture change, no application recertification required. It retains full mission-critical database capabilities for transactional, operational, and analytic workloads, and can run across environments (Oracle Cloud, other hyperscale clouds, private cloud, on-premises).

Oracle AI Database 26ai announcement: Oracle introduces its AI-native database, Oracle AI Database 26ai

For more detailed information on bug fix and patch release policies and dates, please refer to the Database Error Correction Support Policy (Doc ID 209768.1) and the Release Schedule of Current Database Releases (Doc ID 742060.1). Information on upgrade paths can be found in the Database Upgrade Guide for the release you plan to upgrade to. Product documentation can be found at https://docs.oracle.com in the Oracle Help Center.

Oracle AI World Reflection

Attending and presenting at Oracle AI World for the first time was an insightful and inspiring experience that deepened my understanding of how AI is transforming enterprise technology. The sessions highlighted practical applications, from automating business processes to enhancing data-driven decision-making, and reinforced Oracle’s commitment to responsible and ethical AI adoption.

I especially valued hearing from industry experts on integrating AI with Oracle Cloud and E-Business Suite to drive efficiency, innovation, and scalability. The event showcased how AI is not just a technological advancement but a strategic enabler for future growth.

Oracle did a phenomenal job organizing the conference, from engaging keynote sessions and sponsor/vendor booths to hands-on labs, expert panels, and networking meetups, all while accommodating more than 25,000 attendees. The experience concluded on a high note with an incredible Def Leppard concert, making the entire event both impactful and unforgettable.