Particle.news

Oracle Issues Emergency Fix as Cl0p Exploitation and Public Exploit Put E‑Business Suite at Risk

Security authorities and researchers urge immediate patching and compromise hunts after months of stealth intrusions and a leaked proof‑of‑concept increased the likelihood of follow‑on attacks.

Overview

  • Oracle patched CVE-2025-61882, a critical pre‑authentication remote code execution flaw (CVSS 9.8) in the BI Publisher Integration of Oracle E‑Business Suite versions 12.2.3–12.2.14.
  • CrowdStrike says the first known exploitation occurred on August 9, and Mandiant reports that Cl0p used multiple EBS bugs for data theft and began sending extortion emails to executives last week.
  • Oracle published indicators of compromise including two IPs, a reverse‑shell command, and hashes for an exploit archive that matches a package leaked on Telegram by “Scattered Lapsus$ Hunters.”
  • CISA added the flaw to its Known Exploited Vulnerabilities catalog and the UK NCSC issued an urgent patch alert, with Oracle noting the October 2023 Critical Patch Update is a prerequisite.
  • WatchTowr detailed a multi‑bug exploit chain now simplified by public code, and Halcyon reports seven‑ and eight‑figure ransom demands, with some reaching up to $50 million.