Oracle Warns of Critical E-Business Suite Vulnerability Exploited by Cl0p Ransomware
Oracle has warned of a critical vulnerability in its E-Business Suite that allows unauthenticated hackers to remotely execute code. The Cl0p ransomware group has exploited this flaw, CVE-2025-61882, since August 2025, stealing vast amounts of data from multiple victims.
The vulnerability, patched in Oracle's October 2025 Critical Patch Update, was first announced on October 4, 2025. It affects the BI Publisher component of Oracle E-Business Suite. Security firm Arctic Wolf strongly advises upgrading to the latest fixed version to mitigate the risk.
Oracle EBS customers have reported receiving extortion emails related to this vulnerability. A proof-of-concept exploit for CVE-2025-61882 has been circulating in private Telegram channels, increasing the urgency for users to patch their systems. This vulnerability was part of a larger campaign exploiting several EBS flaws addressed in Oracle's July 2025 update.
Oracle E-Business Suite users must prioritise applying the fix for CVE-2025-61882 and other relevant patches. Failure to do so leaves systems exposed to remote code execution and data theft by threat actors like Cl0p. Law enforcement continues to target ransomware groups, but proactive defence remains the best strategy for businesses.
