Oracle has issued an alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite software, which allows attackers to perform unauthenticated remote code execution. The flaw is located within the Concurrent Processing product and has a CVSS base score of 9.8 due to its lack of authentication and ease of exploitation.
The vulnerability was actively exploited by the Clop ransomware gang in recent data theft attacks, including one that occurred in August 2025. Oracle has confirmed that it released an emergency update to address the flaw, but customers must first install the October 2023 Critical Patch Update before installing the new security updates.
Threat actors from Scattered Lapsus$ Hunters recently leaked a file claiming to be the exploit used by Clop, which contains Python scripts and appears to be related to the “support.oracle.com” URL. Oracle’s indicators of compromise confirm that this is the same file listed by the company.
The attack highlights the importance of keeping software up-to-date and patching vulnerabilities promptly. Customers should prioritize installing the emergency update as soon as possible to protect themselves from potential attacks.
Source: https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks