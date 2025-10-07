Oracle E-Business Suite (EBS) customers have been urged to patch a critical vulnerability in the product, after reports that the notorious Clop ransomware group has exploited the bug in attacks as a zero-day.

The UK’s National Cyber Security Centre (NCSC) pointed users to an emergency security update from the US software giant published over the weekend.

It patches CVE-2025-61882, an unauthenticated remote code execution (RCE) flaw impacting Oracle EBS versions 12.2.3-12.2.14.

“CVE-2025-61882 is a vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing within Oracle E-Business Suite,” explained the NCSC.

“An unauthenticated attacker can send specially crafted HTTP requests to the affected component resulting in full system compromise. No user interaction is required.”

Google’s Mandiant group said the Clop ransomware group exploited the vulnerability as a zero-day back in August, along with other software flaws patched in the July 2025 Critical Patch Update.

Clop is notorious for zero-day exploits in popular software, enabling it to steal and hold to ransom sensitive corporate data. That’s the same modus operandi that enabled it to run the massive MOVEit campaign, as well as similar attacks on Accellion and GoAnywhere customers.

Scattered Lapsus$ Hunters Leak Exploit

The need to patch is made more urgent by the fact that the infamous Scattered Lapsus$ Hunters threat groups has leaked the exploit used by the Clop gang. That means more opportunistic threat actors will likely try to launch attacks on Oracle customers.

“Given that exploitation in-the-wild may have occurred since August 2025, customers of affected Oracle E-Business Suite instances that are accessible via the internet, should conduct suitable threat hunting to detect any potential malicious activity,” urged Rapid7.

The UK’s NCSC has the following advice: