Close Menu
    Tech News

    Oracle issues E-Business Suite patch as Cl0p exploits CVE-2025-61882

    Michael ComaousBy 2 Mins Read
    Oracle issues E-Business Suite patch as Cl0p exploits CVE-2025-61882

    Oracle released an emergency update for a critical Oracle E‑Business Suite vulnerability, CVE-2025-61882, after reports that the Cl0p group actively exploited it in data theft and extortion attacks [securityweek.com#1][thehackernews.com#1][theregister.com#1]. The flaw allows unauthenticated remote code execution via HTTP and carries a CVSS score of 9.8, meaning attackers could potentially take control of affected systems if unpatched [thehackernews.com#1][bleepingcomputer.com#1][betanews.com#1].

    Highlights:

    • Critical severity: The bug is rated CVSS 9.8 and enables unauthenticated remote code execution via HTTP, potentially allowing full system compromise [thehackernews.com#1][bleepingcomputer.com#1][betanews.com#1].
    • Active exploitation: Oracle and security outlets report the Cl0p group has exploited the flaw for data theft and extortion campaigns [securityweek.com#1][bleepingcomputer.com#1][theregister.com#1].
    • Emergency fix: Oracle issued an emergency Security Alert and released patches addressing CVE-2025-61882 [thehackernews.com#1][betanews.com#1][securityweek.com#1].
    • Affected product: The vulnerability targets Oracle E‑Business Suite and is reachable over the network via HTTP [thehackernews.com#1][bleepingcomputer.com#1].
    • Risk context: Reports tie exploitation to data theft and extortion activity, increasing urgency for rapid patching [theregister.com#1][securityweek.com#1].

    Perspectives:

    • Oracle: Oracle released an emergency Security Alert for CVE-2025-61882 in E‑Business Suite and warned the issue is remotely exploitable without authentication. (BetaNews)
    • Security analysts: Coverage attributes the wave of data theft and related extortion to the Cl0p group exploiting this E‑Business Suite zero‑day. (The Register)
    • Threat reporting: Analysts note the flaw could let an unauthenticated attacker compromise and take control of Oracle E‑Business Suite over HTTP. (The Hacker News)

    Sources:

    Share.

    Michael Comaous is a dedicated professional with a passion for technology, innovation, and creative problem-solving. Over the years, he has built experience across multiple industries, combining strategic thinking with hands-on expertise to deliver meaningful results. Michael is known for his curiosity, attention to detail, and ability to explain complex topics in a clear and approachable way. Whether he’s working on new projects, writing, or collaborating with others, he brings energy and a forward-thinking mindset to everything he does.

    Related Posts