SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited

Oct 7, 2025
A newly discovered Oracle 0-day exploit poses serious risks with its widespread availability. The discussion dives into the complexities of the exploit script, highlighting how an XSLT-based technique enables remote code execution. Redis also faced a critical vulnerability, emphasizing the need for prompt patching. Furthermore, Microsoft has revealed active exploitation of a GoAnywhere bug; users are urged to apply patches to safeguard their systems. The session is packed with urgent cybersecurity insights and stresses the importance of proactive defense.
ADVICE

Patch And Isolate Oracle E-Business Suite

  • Apply Oracle's patch for the E-Business Suite immediately to block known exploit chains.
  • Isolate and block external file downloads to reduce attack surface while you patch.
INSIGHT

Complex Multi-Stage Exploit Chain Revealed

  • The exploit chain uses multiple tricks including directory traversal and an XSLT-based SSRF leading to RCE.
  • The complexity means few understand all facets, but public scripts make copycat attacks likely.
ADVICE

Prepare For Copycat Exploits

  • Expect rapid copycat exploits once public scripts and detailed write-ups appear, and act quickly.
  • Monitor your Oracle E-Business Suite servers and increase isolation to limit the facets of the exploit that attackers can reuse.