Date: 2025-07-22
Cloud Security, Vulnerability Management

Oracle patches severe Cloud Shell vulnerability

Security Brief Australia reports that a newly disclosed remote code execution flaw in Oracle Cloud Infrastructure's Code Editor highlights the security risks of deeply integrated cloud services, according to Tenable researchers.

The vulnerability, now patched by Oracle, enabled attackers to execute arbitrary code on a user's Oracle Cloud Shell by luring them into clicking a malicious link. Once exploited, this could have given attackers access to sensitive data and allowed them to escalate privileges and move laterally into other OCI services like Resource Manager or Data Science. Tenable's Liv Matan likened the risk to a "Jenga" scenario, where one insecure integration could destabilize an entire cloud system. The incident serves as a warning about the cascading vulnerabilities that can emerge in interconnected platforms. Tenable advises organizations to adopt least privilege policies, closely monitor logs, and map service dependencies to avoid similar exposures. "Cloud security isn't just about reacting to threats," said Matan, "but actively preventing them by understanding the complexity of interconnected services."

