Oracle urges customers to patch an E-Business Suite vulnerability that cybercriminals are exploiting; Google's Mandiant says the Clop hacking group exploited it
AWAITING ANALYSIS — This CVE record has been marked for NVD enrichment efforts. CrowdStrike : CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882) Resecurity : CVE-2025-61882 Mass Exploitation — Oracle E-Business Suite (EBS) Under Attack By Cl0p Ransomware Florence Nightingale / Cyber Security News : CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day Ionut Arghire / SecurityWeek : Fortra GoAnywhere MFT Zero-Day Exploited In Ransomware Attacks Nicole Kobie / ITPro : Oracle patches EBS amid extortion attacks Phil Muncaster / Infosecurity : NCSC: Patch Critical Oracle EBS Bug Now Sead Fadilpašić / TechRadar : Oracle forced to rush out patch for zero-day exploited in attacks Matt Kapko / CyberScoop : Oracle zero-day defect amplifies panic over Clop's data theft attack spree Jeffrey Burt / Security Boulevard : Cl0p Ransomware Group Exploited in a Zero-Day in Oracle EBS Attacks Zeljka Zorz / Help Net Security : Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) Alex Scroxton / ComputerWeekly.com : Oracle patches E-Business suite targeted by Cl0p ransomware Cyber Security Agency of Singapore : Active Exploitation of Zero-Day Vulnerability in Oracle E-Business Suite DataBreaches.Net : Update on the emerging CL0P extortion campaign targeting Oracle E-Business Suite David Jones / Cybersecurity Dive : Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day X: Rishi / @rxerium : 🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite I've created a vulnerability detection script here: https://github.com/... This vulnerability is remotely exploitable without authentication. Patches are available as per Oracle's [image] @ncsc : The NCSC is encouraging UK organisations to take immediate action to mitigate a vulnerability (CVE-2025-61882) affecting Oracle E-Business Suite. More info here👇 https://www.ncsc.gov.uk/... Florian Roth / @cyb3rops : What's much more interesting to me than detecting vulnerable services from server responses is detecting exploited services from log files. Detecting services by server responses is useful, especially for red teams and anyone scanning their own network, but it's only the first @crowdstrike : 🚨 New Zero-Day Targeting Oracle E-Business Suite CrowdStrike has identified a mass exploitation campaign leveraging a novel zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite, used for data exfiltration and remote code execution. https://www.crowdstrike.com/ ... [image] LinkedIn: Michael Rogers : Oracle has officially confirmed what many in the community and our team at MOXFIVE have been tracking and investigating: active …