Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks.
The flaw is in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) and has a CVSS base score of 9.8, because it requires no authentication and is easy to exploit.
"This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite," reads a new Oracle advisory.
"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution."
Oracle has confirmed that the zero-day vulnerability affects Oracle E-Business Suite, versions 12.2.3-12.2.14, and has released an emergency update to address the flaw. The company notes that customers must first install the October 2023 Critical Patch Update before they can install the new security updates.
As a public PoC exploit exists and the flaw is actively exploited, it is crucial for Oracle admins to install the security update as soon as possible.
Zero-day exploited in Clop data theft attacks
While Oracle has not explicitly stated that this is a zero-day vulnerability, it did share indicators of compromise that correspond to an Oracle EBS exploit recently shared by threat actors on Telegram.
Charles Carmakal, CTO, Mandiant - Google Cloud, also confirmed that this was the flaw exploited by the Clop ransomware gang in data theft attacks that occurred in August 2025.
"Clop exploited multiple vulnerabilities in Oracle EBS which enabled them to steal large amounts of data from several victims in August 2025," Carmakal shared in a statement to BleepingComputer.