Oracle patches actively exploited zero-day vulnerability in E-Business Suite
Briefly

"Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with BI Publisher. According to Oracle, the vulnerability has a CVSS score of 9.8."
"An attacker can exploit it via the network without a username or password, BleepingComputer reports. In that case, arbitrary code can be executed on the server. The vulnerability affects E-Business Suite versions 12.2.3 through 12.2.14. Oracle has released an emergency patch that can only be installed if the October 2023 Critical Patch Update has been previously applied. The vulnerability is already being actively exploited by the Clop ransomware group, which stole large amounts of company data in August."
"It is noteworthy that the exploit code for this vulnerability recently appeared on Telegram. The files were shared by a group calling itself Scattered Lapsus$ Hunters. This group claims to consist of members of Scattered Spider, Lapsus$, and ShinyHunters. The club published files that they claim are related to the Clop attacks. The leaked archive contained Python scripts that can be used to exploit a vulnerable E-Business Suite installation, allowing for the opening of a reverse shell or executing commands."
CVE-2025-61882 is an unauthenticated remote code execution vulnerability in the Concurrent Processing component of Oracle E-Business Suite integrated with BI Publisher. The flaw carries a CVSS score of 9.8 and affects E-Business Suite versions 12.2.3 through 12.2.14. Exploitation can occur over the network without credentials and allows arbitrary code execution on the server. The Clop ransomware group actively exploited the flaw to steal large volumes of corporate data and issue extortion demands. Oracle issued an emergency patch that requires the October 2023 Critical Patch Update as a prerequisite. Exploit code and Python scripts were later leaked on Telegram.
Read at Techzine Global