Oracle Rushes Emergency Patch for Actively Exploited E-Business Suite Flaw
Oracle has swiftly issued an emergency patch to address a critical security vulnerability, CVE-2025-61882, in its E-Business Suite. This flaw is currently being exploited by the notorious Cl0p ransomware group, leading to data theft and potential system takeovers.
The vulnerability allows unauthorized attackers to gain control of the Oracle Concurrent Processing component. Cl0p hackers have been exploiting this weakness, along with abusing EBS local-account password-reset flows, to steal credentials and exfiltrate sensitive data. The flaw is easily exploitable via HTTP, posing a significant threat.
Oracle's prompt response comes after Cl0p claimed to have breached Oracle's E-Business Suite, demanding ransoms of up to $50 million. Cl0p is known for its aggressive tactics, having launched major attacks in recent years by exploiting zero-day flaws in popular software. FIN11, a financially motivated hacker group, is associated with the Cl0p ransomware and the current operation.
Mandiant, a cybersecurity firm, recommends investigating environments for indicators of compromise linked to Cl0p's activities. Attackers can exploit a server-side chain using SSRF and CRLF injection for remote code execution without leaving disk-based artifacts.
Organizations using Oracle's E-Business Suite are urged to apply the emergency patch immediately to mitigate the risk of data theft and system compromise. The patch addresses the critical flaw (CVE-2025-61882) that Cl0p hackers have been actively exploiting. Regular security audits and prompt patch management are crucial to protect against evolving threats.