🗓️ 7 October 2025
⏱️ 6 minutes
| 0:00.0 | Hello and welcome to the Tuesday, October 7th, 2025 edition of the SANS Internet Storm Center's Stormcast. |
| 0:12.7 | My name is Johannes Ullrich, recording today from Denver, Colorado. |
| 0:17.7 | And this episode is brought to you by the SANS.edu graduate certificate program in cybersecurity leadership. |
| 0:25.1 | Today, the big topic was still the patch being released by Oracle on Saturday for the Oracle E-Business Suite. |
| 0:34.4 | I talked about it already yesterday. |
| 0:36.8 | Now there is no new update from Oracle about this, |
| 0:40.0 | so their advice still counts: apply the patch released on Saturday in order to be protected |
| 0:46.7 | against this vulnerability. Now, after recording the podcast yesterday, I found a copy of the exploit script that was referenced |
| 0:56.2 | in Oracle's write-up. So this was basically the exploit script recovered from these |
| 1:01.8 | ransomware attacks. The exploit is quite complex. There's also a great and much more |
| 1:10.3 | detailed write-up by watchTowr explaining |
| 1:14.1 | what exactly is going on here. There are actually sort of a couple little exploits that are |
| 1:19.7 | being used in order to really make everything work. There's like a directory traversal in one |
| 1:25.3 | spot, for example, in order to make this exploit work without having to |
| 1:30.2 | authenticate first. But the critical part of the exploit is a server-side request forgery |
| 1:37.3 | issue using a somewhat interesting and, well, I think a little bit archaic in some ways, |
| 1:42.3 | technology XSLT. |
| 1:45.1 | This is essentially sort of style sheets for XML files. |
| 1:50.0 | And this has been used for server-side request forgery before. |
| 1:54.4 | The trick here is essentially that as part of an XML file, |
| 1:58.0 | you can reference an external file that will tell you how to render a |
| 2:04.1 | particular XML file, and that is sort of requesting that external file is triggering the server-side |