CrowdStrike Warns of Cl0p Group Exploiting Oracle EBS Critical Vulnerability
Cybersecurity firm CrowdStrike has revealed that threat actors, including the notorious Cl0p group, have been exploiting a critical vulnerability in Oracle E-Business Suite (EBS) to carry out unauthenticated remote code execution (RCE) attacks. The vulnerability, identified as CVE-2025-61882, has been linked to several data theft incidents, prompting Oracle to release an emergency patch.
CrowdStrike observed attackers using the /OA_HTML/SyncServlet endpoint to bypass authentication and target the XML Publisher Template Manager. The first known attacks exploiting this flaw occurred on August 9, 2025. The Cl0p group claimed to have stolen Oracle EBS data on September 29, 2025, confirming their involvement in the attacks.
The vulnerability affects Oracle EBS versions 12.2.3 to 12.2.14 and is easily exploitable via HTTP. Successful exploitation allows unauthenticated remote attackers to control the Oracle Concurrent Processing component, leading to outbound TLS connections to attacker infrastructure for command execution and persistence. Oracle released an emergency patch on October 4, 2025, to address this critical issue.
In addition to the Cl0p group, another threat actor collective known as 'SCATTERED LAPSUS$' or 'Shiny Hunters' publicly released an exploit for CVE-2025-61882 in early October 2025 via Telegram, indicating their possible involvement in the exploitation of this vulnerability.
CrowdStrike warns of increased threat actor activity due to the public disclosure of proof-of-concept (POC) exploits and the release of the emergency patch for CVE-2025-61882. Oracle EBS users are urged to apply the emergency patch immediately to mitigate the risk of unauthenticated RCE attacks. Organizations are advised to remain vigilant and monitor their systems for any signs of compromise.
Read also:
- Web3 gaming platform, Pixelverse, debuts on Base and Farcaster networks
- Goodyear in 2025: Advancement in Total Mobility through the Launch of Kmax Gen-3 by Goodyear
- Boston Metal pioneers route to commercial production for eco-friendly steel method
- Electric SUV Showdown: Vinfast VF6 or MG Windsor EV - Your Choice Revealed