Oracle has issued a warning about a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, which is being actively exploited in Clop ransomware attacks to steal data using remote code execution. Immediate patching is essential as a proof-of-concept exploit is available, and threat actors are leveraging it for large-scale data theft.
Key points
- The CVE-2025-61882 vulnerability affects Oracle E-Business Suite versions 12.2.3 to 12.2.14.
- The flaw allows unauthenticated remote code execution, with a high CVSS score of 9.8.
- Threat actors, including Clop, are actively exploiting this zero-day to steal data and conduct extortion campaigns.
- Oracle has released urgent security updates, but a public proof-of-concept exploit exists.
- Indicators of compromise include specific IP addresses, exploit archives, and command-line activities associated with exploitation.