Oracle Urges EBS Users to Patch Severe RCE Vulnerability Exploited by Cl0p
Oracle has issued a critical patch update addressing a severe vulnerability (CVE-2025-61882) in its E-Business Suite (EBS). The update, released on October 4, 2025, comes after the vulnerability was exploited in the wild and linked to extortion emails received by some customers. Arctic Wolf strongly recommends upgrading to the latest fixed version to mitigate the risk.
The vulnerability, residing in the BI Publisher component of Oracle Concurrent Processing, allows unauthenticated remote threat actors to achieve remote code execution. It was exploited in a campaign involving the Cl0p ransomware group, which successfully exfiltrated large volumes of data from multiple victim environments since August 2025. Oracle confirmed that the exploit was used in this activity. The exploit code was shared via private Telegram channels by the 'Scattered LAPSUS$ Hunters' group, who claimed it was leaked and sold to the Cl0p group. Arctic Wolf also recommends patching other EBS vulnerabilities addressed in Oracle's July 2025 Critical Patch Update, as they were also exploited in this campaign. The October 2023 Critical Patch Update is a prerequisite for these updates.
Oracle's October 2025 Critical Patch Update is crucial for EBS customers to protect against the CVE-2025-61882 vulnerability and other exploited vulnerabilities. Upgrading to the latest fixed version is strongly recommended to mitigate the risk of data exfiltration and extortion. Customers should prioritize these updates and consider the advice of cybersecurity experts like Arctic Wolf.
