A new high-severity vulnerability (CVE-2025-61884) in Oracle E-Business Suite allows remote, unauthenticated access to critical data. This follows a previous exploit of CVE-2025-61882 by the CL0P ransomware gang, targeting vulnerabilities in Oracle systems. #CVE202561884 #CL0PRansomware #Harvard
Keypoints
- Oracle released a patch for a vulnerability in E-Business Suite that can be exploited remotely without authentication.
- The vulnerability affects versions 12.2.3 to 12.2.14 and could lead to unauthorized access to sensitive data.
- Earlier, Oracle patched a more severe CVE-2025-61882, exploited by the CL0P ransomware gang in widespread attacks.
- Organisations, including Harvard University, have been targeted through mass email campaigns and data theft claims by CL0P.
- Google identified indicators of compromise, such as malicious payloads in EBS database tables, to help detect exploitation attempts.
Read More: https://thecyberexpress.com/oracle-patches-new-e-business-suite-flaw/