Oracle patches actively exploited zero-day vulnerability in E-Business Suite

Oracle patches actively exploited zero-day vulnerability in E-Business Suite

Briefly

"Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with BI Publisher. According to Oracle, the vulnerability has a CVSS score of 9.8."

"An attacker can exploit it via the network without a username or password, BleepingComputer reports. In that case, arbitrary code can be executed on the server. The vulnerability affects E-Business Suite versions 12.2.3 through 12.2.14. Oracle has released an emergency patch that can only be installed if the October 2023 Critical Patch Update has been previously applied. The vulnerability is already being actively exploited by the Clop ransomware group, which stole large amounts of company data in August."

"It is noteworthy that the exploit code for this vulnerability recently appeared on Telegram. The files were shared by a group calling itself Scattered Lapsus$ Hunters. This group claims to consist of members of Scattered Spider, Lapsus$, and ShinyHunters. The club published files that they claim are related to the Clop attacks. The leaked archive contained Python scripts that can be used to exploit a vulnerable E-Business Suite installation, allowing for the opening of a reverse shell or executing commands."