Clop Group Exploits Critical Zero-Day Vulnerability in Oracle E-Business Suite

Oracle has confirmed the active exploitation of a critical zero-day vulnerability in E-Business Suite (EBS), identified as CVE-2025-61882, which allows remote code execution without authentication. The flaw has been exploited since August 2025 by the Clop ransomware group in a large-scale data theft campaign that has already impacted multiple organizations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities Catalog on October 6, 2025, setting a deadline of October 27 for remediation by U.S. federal agencies.

Vulnerability details

CVE-2025-61882 has a CVSS score of 9.8 (critical) and affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. The vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing and can be exploited remotely over HTTP without credentials. According to Mandiant, the Clop group exploited multiple vulnerabilities in Oracle EBS, including CVE-2025-61882 and others patched in the July 2025 update, enabling the theft of large volumes of data. Ransom demands have reached USD 50 million.

Background on the Clop group

The Clop group is known for exploiting zero-day vulnerabilities in enterprise platforms. In 2023, it compromised more than 2,700 organizations by exploiting MOVEit Transfer. The current campaign follows the same pattern: mass exploitation, data theft, and extortion.

In this context, SEK recommends:

  • Immediately applying the security patches released by Oracle to address the flaw.
  • Testing updates in non-production environments before deploying them to production.
  • Scanning Oracle EBS environments for Indicators of Compromise (IOCs) provided by Oracle, available at this link.
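As an added illustration of the first two recommendations (not SEK's or Oracle's code), the script below triages a constructed EBS inventory against the affected range stated above, 12.2.3 through 12.2.14, and orders hosts by patching priority. It also guards against a common inventory mistake: comparing version strings lexicographically, which would misorder 12.2.10 relative to 12.2.3. The host names and the `internet_facing` field are assumptions used for the sample data; the fixed release number is not given on the page, so the check only answers whether a host falls inside the affected range.

```python
"""Triage an Oracle EBS inventory against the CVE-2025-61882 affected range.

Added example, not SEK's or Oracle's code. The affected range (12.2.3 through
12.2.14) is taken from the advisory; the inventory below is constructed and
the host names are placeholders.
"""
import re

AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)

# Constructed sample inventory (placeholder hosts, assumed fields).
INVENTORY = [
    {"host": "ebs-prod-01.example", "version": "12.2.10", "internet_facing": True},
    {"host": "ebs-test-01.example", "version": "12.2.3", "internet_facing": False},
    {"host": "ebs-legacy.example", "version": "12.2.2", "internet_facing": True},
    {"host": "ebs-prod-02.example", "version": "12.2.14", "internet_facing": True},
]


def parse_version(text):
    """Turn '12.2.10' into the tuple (12, 2, 10); reject anything else.

    Tuples compare numerically component by component, so 12.2.10 sorts
    after 12.2.3, unlike a plain string comparison.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised EBS version: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version):
    """True when the version lies inside the range named in the advisory."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory):
    """Return [(host, priority, note)] sorted by priority, then host name.

    priority 0: affected and reachable over HTTP, or version unknown
    priority 1: affected but internal
    priority 2: outside the affected range
    """
    rows = []
    for item in inventory:
        try:
            affected = is_affected(item["version"])
        except ValueError as exc:
            # An unparseable version is not evidence of safety: keep it at the top.
            rows.append((item["host"], 0, f"unknown version ({exc}); verify before treating as safe"))
            continue
        if affected and item["internet_facing"]:
            rows.append((item["host"], 0, "affected and reachable over HTTP: patch first, then check Oracle's IoCs"))
        elif affected:
            rows.append((item["host"], 1, "affected: patch after testing in a non-production environment"))
        else:
            rows.append((item["host"], 2, "outside the affected range"))
    rows.sort(key=lambda r: (r[1], r[0]))
    return rows


if __name__ == "__main__":
    for host, priority, note in triage(INVENTORY):
        print(f"[{priority}] {host}: {note}")
```

The ordering puts internet-facing affected hosts first because the flaw is exploitable over HTTP without credentials; internal hosts still need the patch, but the exposed ones set the deadline.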

SEK continues to actively monitor the evolution of this campaign and remains available to assist clients with implementing protection measures and investigating potential compromises.
