Oracle has released an urgent security update to address a critical E-Business Suite vulnerability (CVE-2025-61884) that allows remote, unauthenticated attackers to access sensitive data. Cybercriminal groups like Clop have exploited similar EBS vulnerabilities to carry out data theft and extortion campaigns, underscoring the need for immediate patching.
Key points
- Oracle issued an emergency patch for a remotely exploitable vulnerability in E-Business Suite versions 12.2.3 to 12.2.14.
- The vulnerability, CVE-2025-61884, scores 7.5 on the CVSS scale and exposes sensitive data without requiring authentication.
- Cybercriminal group Clop exploited related vulnerabilities in data theft and extortion campaigns targeting these systems.
- Active exploitation of Oracle EBS vulnerabilities has been linked to large-scale data breaches and zero-day attacks since July 2025.
- Security experts advise immediate application of the patch to mitigate the risk of remote code execution and data theft.