Oracle has swiftly released a critical update to address a severe security vulnerability in its E-Business Suite, a flaw that has reportedly been exploited in recent data theft attacks linked to the Cl0p group. The vulnerability, identified as CVE-2025-61882 with a CVSS score of 9.8, allows unauthenticated attackers with network access via HTTP to potentially gain control over the Oracle Concurrent Processing component.
According to Oracle, this vulnerability is particularly alarming because it can be exploited remotely without any authentication, meaning attackers do not require a username or password to execute the attack. If successfully exploited, the implications could lead to remote code execution.
In subsequent advisories, Rob Duhart, Oracle’s Chief Security Officer, emphasized the importance of applying the patches for CVE-2025-61882, noting that their internal investigations revealed additional potential exploits.
Oracle also shared indicators of compromise (IoCs), including certain IP addresses and specific artifacts that suggest involvement from groups associated with the recent Cl0p ransomware attacks. The shared information indicated potential GET and POST activities, as well as the establishment of outbound TCP connections, revealing a clear pattern of compromise.
The emergence of this zero-day vulnerability comes on the heels of upgrades by Cl0p, who, as observed by cybersecurity experts, have exploited multiple vulnerabilities in Oracle E-Business Suite over previous months. Mandiant, a Google company, reported a surge in email campaigns emanating from compromised accounts likely linked to these vulnerabilities.
Charles Carmakal, Mandiant’s CTO, remarked on the extensive exploitation of Oracle EBS vulnerabilities, highlighting that data has been compromised across various organizations, including vulnerabilities patched in Oracle’s previous updates. He urged organizations to scrutinize their security postures, as the threat of exploitation remains high regardless of patch application.
This situation is still developing, and further details will continue to emerge as investigations proceed.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.