CVE-2021-35587 - Oracle Cloud Security Incident (March 21, 2025)

We are aware of a recent third-party report titled “The Biggest Supply Chain Hack of 2025”, which alleges a significant breach of Oracle Cloud Infrastructure (OCI) potentially affecting over 140,000 tenants.

At this time, Oracle has not confirmed the breach, and Kasm Technologies has not received any notification from Oracle indicating compromise of our systems or customer data.

Despite this, we are taking proactive measures to ensure the continued integrity and security of our services.

What We’ve Done

• We have completed a comprehensive review of all Oracle Cloud-related access logs and systems. No abnormalities or unauthorized access have been identified.

• All Kasm SaaS and development environments already enforce strong password policies and mandatory Multi-Factor Authentication (MFA) as a standard security practice.

• Out of an abundance of caution, we are proactively rotating all Oracle-related credentials associated with our SaaS customer environments, even though there is no indication of compromise.

Why It Matters

We believe proactive defense is the cornerstone of good security practice. Even in the absence of direct impact or confirmation from Oracle, we are acting swiftly to eliminate potential risk vectors that could affect our customers. Our goal is to ensure that your environments remain secure and uninterrupted.

We continue to monitor the situation closely and will provide further updates if more verifiable information becomes available.

For any questions, please contact your account representative or email us at security@kasmweb.com.