CrowdStrike attributes recent exploitation of a critical Oracle E-Business Suite vulnerability (CVE-2025-61882) to the threat actor Cl0p, also known as Graceful Spider. The attack involves remote code execution through web shell uploads, with evidence suggesting multiple threat groups are attempting to exploit this flaw.
Key points
- The security flaw CVE-2025-61882 allows remote code execution in Oracle E-Business Suite.
- Cl0p and other threat actors have exploited this vulnerability to steal data and deploy web shells.
- The attack chain involves SSRF and CRLF injection to load malicious XSLT templates.
- The vulnerability has been added to the CISA KEV catalog, requiring urgent patching.
- Experts warn of imminent widespread exploitation and advise immediate mitigation efforts.
Read More: https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html