Oracle has issued an emergency update to fix a critical security flaw in its E-Business Suite, which was exploited by hackers in recent Cl0p data theft attacks. The vulnerability, identified as CVE-2025-61882, allows unauthenticated attackers to take control of the Oracle Concurrent Processing component via HTTP.
The company says that if successfully exploited, this vulnerability can result in remote code execution, putting sensitive data at risk. Oracle has released fixes for the issue and shared indicators of compromise (IoCs) with the public, which point to the involvement of the Scattered LAPSUS$ Hunters group.
This update comes after reports emerged of a new campaign by the Cl0p ransomware group targeting Oracle E-Business Suite. Google-owned Mandiant described the activity as a “high-volume email campaign” launched from hundreds of compromised accounts.
Charles Carmakal, CTO of Mandiant at Google Cloud, stated that Cl0p exploited multiple vulnerabilities in Oracle EBS, including CVE-2025-61882, which was patched earlier this year. He advised organizations to examine whether they were already compromised and take measures to protect themselves against similar attacks.
Source: https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html