Oracle Issues Urgent Patch for Critical E-Business Suite Flaw

▼ Summary
– Oracle released an out-of-band security update for a remotely exploitable E-Business Suite vulnerability (CVE-2025-61884) affecting versions 12.2.3 through 12.2.14.
– The flaw is an information disclosure issue in the Runtime UI component: an unauthenticated attacker with network access can read sensitive data. It carries a CVSS base score of 7.5 (High).
– The update follows a Clop data-theft extortion campaign against EBS customers that exploited, among others, CVE-2025-61882, used as a zero-day since early August.
– CVE-2025-61882 is a chain of vulnerabilities that yields unauthenticated remote code execution; a proof-of-concept exploit for it was leaked online by a cybercrime group.
– Oracle has not confirmed in-the-wild exploitation of CVE-2025-61884, but with internet-facing EBS instances under active attack it strongly recommends patching immediately.
Oracle has rolled out an urgent security patch for a newly disclosed vulnerability in its E-Business Suite (EBS) platform. The flaw, tracked as CVE-2025-61884, can be exploited remotely over the network without any authentication. It affects the Runtime UI component of EBS versions 12.2.3 through 12.2.14 and allows an unauthenticated attacker to access and exfiltrate confidential information.
Oracle assigns the vulnerability a CVSS base score of 7.5, which the CVSS scale rates as High rather than Critical. The score is consistent with the flaw's profile: network-reachable, low attack complexity, no privileges or user interaction required, with the impact limited to confidentiality (data can be read, not modified). Rob Duhart, Oracle's Chief Security Officer, noted that successful exploitation could give an attacker unauthorized access to sensitive resources. Oracle urges all affected customers to apply the update, or the recommended mitigations, immediately.
The emergency update follows a recent extortion campaign by the Clop group, which emailed corporate executives at a number of firms claiming to have stolen data from their EBS environments. Investigators have tied those attacks to earlier EBS vulnerabilities, including one fixed in the July 2025 Critical Patch Update and another now tracked as CVE-2025-61882. CrowdStrike reported observing Clop exploiting CVE-2025-61882 as a zero-day since early August, and cautioned that other threat actors may since have picked up the same technique.
Analysis by watchTowr Labs showed that CVE-2025-61882 is in fact a chain of several vulnerabilities that, combined, give an unauthenticated attacker remote code execution. A proof-of-concept exploit for the chain was leaked online by the Scattered Lapsus$ Hunters cybercrime group. Clop has a long record of large-scale data-theft campaigns built on zero-day flaws in widely used file transfer products, including Accellion FTA, GoAnywhere MFT, Cleo, and MOVEit Transfer; the MOVEit campaign alone affected more than 2,770 organizations.
At this time, Oracle has not confirmed active exploitation of the newly patched CVE-2025-61884, nor has it established a direct link between it and the ongoing attacks on CVE-2025-61882. Even so, with internet-facing Oracle EBS instances under active targeting, security professionals advise applying this out-of-band patch without delay. Because the bulletin does not rule out earlier exploitation, administrators of exposed instances should also confirm they are current on the earlier EBS fixes, including the one for CVE-2025-61882, and review web server and application logs for unexpected unauthenticated requests to the Runtime UI component rather than assume that patching alone closes the matter.
(Source: Bleeping Computer)