Oracle Warns of Actively Exploited E-Business Suite Vulnerability
Oracle has warned of a critical vulnerability in its E-Business Suite, which is being actively exploited by the notorious cybercriminal group Clop. The group is currently attempting to extort corporate executives after stealing sensitive information in the United States.
The vulnerability, identified as CVE-2025-61882, has a severity score of 9.8 out of 10. It allows attackers to gain unauthorised access to systems remotely, without needing a username or password. Oracle has urged customers to install patches from an October 2023 update and a new patch issued on Saturday to fix the issue.
Clop has been exploiting this vulnerability since August 2025, along with other patched vulnerabilities. The group has targeted several organisations, stealing data and threatening to leak it unless a ransom is paid. Cybersecurity agencies in the U.K., Singapore, and the United States have issued advisories, warning of the increased risk and ordering federal agencies to patch the vulnerability by October 28.
Mandiant's chief technology officer, Charles Carmakal, has tied the vulnerability to Clop's ongoing campaign. He warns that corporate executives are currently being targeted for extortion.
Organisations using Oracle E-Business Suite are advised to isolate potentially affected servers and monitor threat intelligence channels. The vulnerability is considered extremely serious, and prompt action is recommended to prevent further breaches. Oracle, cybersecurity agencies, and experts all agree that immediate patching is crucial to protect against active exploitation by cybercriminals in the United States.
Read also:
- Xiaomi's YU7 SUV Challenges Tesla's Dominance with Impressive Pre-orders and Features
- VinFast Partners with Castrol India for After-Sales Support in India
- Activist Wangchuk Sounds Alarm on Ladakh's Climate Crisis and Silenced Voices
- Railway line in Bavaria threatened by unstable slope - extensive construction site at risk
