Oracle has released an emergency security update for a critical zero-day vulnerability, tracked as CVE-2025-61882, in its E-Business Suite (EBS). This flaw, which has a CVSS score of 9.8, allows unauthenticated attackers to execute code remotely and was actively exploited by the Clop ransomware gang in data theft attacks. The vulnerability affects EBS versions 12.2.3 through 12.2.14, and Oracle urges administrators to install the patch immediately, noting they must first apply the October 2023 Critical Patch Update.
The exploitation was part of a Clop extortion campaign in August 2025, in which the group stole data from corporate EBS systems and demanded ransom. While Oracle initially linked the attacks to flaws patched in July, it was later confirmed that this new zero-day was used. The exploit files were subsequently leaked online by a separate threat group known as "Scattered Lapsus$ Hunters," though their exact relationship with Clop remains unclear.
Oracle has published indicators of compromise, including specific IP addresses and file hashes associated with the attacks. This incident continues Clop's history of exploiting zero-days in major software platforms to conduct large-scale data theft and extortion campaigns. The public availability of the exploit code makes prompt patching critically important for all affected organizations.
