
"Oracle has issued a fix for a critical remote code execution (RCE) vulnerability in its E-Business Suite (EBS) as the well-used ERP software package emerges as the latest vector for mass Cl0p (aka Clop) ransomware attacks. The Oracle EBS ecosystem is deeply embedded in enterprise financial and operational systems, which offers hackers access to a wide range of high-value targets and potentially extreme impacts."
"Rated 9.8 on the CVSS scale, it is considered relatively easy to take advantage of. Importantly, an unauthenticated attacker can exploit it over the network without any user interaction needed, leading to RCE. Jake Knott, principal security researcher at watchTowr, said that exploitation of EBS appeared to date back to August 2025, and warned that as of Monday 6 October, exploit code for CVE-2025-61882 was publicly available."
"In its advisory notice Oracle shared a number of indicators of compromise (IoCs) that appeared to link exploitation of CVE-2025-61882 to both the Cl0p ransomware crew and the Scattered Lapsus$ Hunters collective - which is not necessarily implausible as Scattered Spider has been known to act as a ransomware affiliate in the past."
An unauthenticated critical remote code execution vulnerability, CVE-2025-61882, affects Oracle E-Business Suite versions 1.2.2.3 through 12.2.14 in a concurrent task processing component. The flaw carries a CVSS score of 9.8 and can be exploited remotely over the network without user interaction. Exploitation activity appears to have begun in August 2025, and exploit code was publicly released by 6 October 2025. Indicators of compromise link exploitation to the Cl0p ransomware group and the Scattered Lapsus$ Hunters collective. Oracle released security updates and IoCs and stated that the October 2023 Critical Patch Update is a prerequisite for the fixes.
Read at ComputerWeekly.com