Oracle EBS Systems Under Attack: Cl0p Ransomware Exploits CVE-2025-61882
Oracle E-Business Suite (EBS) systems are under threat from the Cl0p ransomware group, also known as Graceful Spider, exploiting the CVE-2025-61882 vulnerability. The group, active since August 2025, targets systems worldwide. Other cybercriminal groups may also be involved, using the public proof-of-concept to gain remote control over unpatched systems.
The exploit is a chain requiring two Python scripts (Server.py and exp.py), and it gives attackers interactive access to the target system's operating environment. The attack uses a server-side request forgery (SSRF) to execute a malicious JavaScript payload. Oracle initially stated that patched flaws were used, but later removed this information.
Attacks started in August 2025, with many organizations already affected. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-61882 to its Known Exploited Vulnerabilities catalog. Affected organizations should check for indicators of compromise and update their instances with the provided fixes. watchTowr researchers have published a script that checks for the vulnerability, helping organizations protect their systems.
The Cl0p ransomware group's exploitation of CVE-2025-61882 on Oracle EBS systems highlights the importance of timely patching and regular system checks. Organizations must remain vigilant and proactive in their cybersecurity measures to mitigate potential threats.