Oracle Urgently Patches Critical E-Business Suite Flaw Exploited by Cl0p Ransomware
Oracle has urgently patched a critical flaw in its E-Business Suite, following active exploitation by the notorious Cl0p ransomware group. The vulnerability, identified as CVE-2025-61882, poses a severe risk with a CVSS score of 9.8.
The flaw allows unauthenticated attackers to remotely take control of the Oracle Concurrent Processing component. Oracle has released an emergency patch to address the vulnerability, which is easily exploitable via HTTP.
Cl0p, also known as Graceful Spider, has been exploiting this vulnerability in extortion attacks, demanding huge ransoms from affected companies. One victim confirmed data theft from their Oracle systems. Security firm Mandiant advises investigating environments for signs of compromise linked to Cl0p operations. FIN11, a financially motivated hacker group, is associated with the current Cl0p activity. Notably, Cl0p has previously exploited zero-day flaws in popular software like Accellion, SolarWinds, Fortra GoAnywhere, and MOVEit.
Oracle's swift response with an emergency patch is crucial, as the vulnerability is remotely exploitable without authentication and can lead to remote code execution. Organizations are urged to apply the patch promptly to mitigate the risk of data theft and ransom demands.