Oracle has issued a security alert for a new high-severity vulnerability in its E-Business Suite, which could allow unauthorized access to sensitive data. Recent exploits have been linked to the deployment of malware payloads by suspected Cl0p-affiliated hacking groups. #CVE-2025-61884 #OracleE-BusinessSuite #Cl0p
Keypoints
- The vulnerability CVE-2025-61884 affects Oracle E-Business Suite versions 12.2.3 to 12.2.14.
- It allows unauthenticated remote attackers to compromise Oracle Configurator via network access over HTTP.
- The flaw has a CVSS score of 7.5, indicating high severity and urgency for patching.
- Multiple organizations have been targeted using this vulnerability to deploy malware like GOLDVEIN.JAVA and SAGEGIFT.
- The attacks are believed to be orchestrated by a hacking group linked to the Cl0p ransomware collective.
Read More: https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html