Harvard University and Envoy, an American Airlines subsidiary, have confirmed data breaches linked to a zero-day vulnerability CVE-2025-61882 in Oracle’s E-Business Suite software.