Particle.news

Oracle Issues Emergency Patch for Critical E‑Business Suite Zero‑Day Exploited by Cl0p

Oracle published indicators of compromise after researchers tied August data theft to CVE-2025-61882.

Overview

  • The flaw allows unauthenticated remote code execution in the Oracle Concurrent Processing component’s BI Publisher Integration and carries a CVSS score of 9.8.
  • Impacted releases span Oracle E‑Business Suite versions 12.2.3 through 12.2.14, and the fix requires the October 2023 Critical Patch Update to be installed first.
  • Oracle’s IoCs include IPs 200.107.207.26 and 185.181.60.11, a bash reverse‑shell command, and the filenames of a leaked exploit archive and its exp.py and server.py scripts.
  • Mandiant reports Cl0p used multiple EBS vulnerabilities to steal large volumes of data in August 2025, with extortion emails to victims surfacing in late September and tracked by Google’s GTIG.
  • A publicly shared exploit package attributed to “Scattered Lapsus$ Hunters” matches Oracle’s IoCs, prompting urgent guidance to patch immediately and review logs for prior compromise.
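The log review mentioned above can start with a sweep of web-tier access logs for the two IP addresses in Oracle's IoCs. The sketch below is an added example, not Oracle's or Mandiant's tooling. It assumes Apache-style access log lines, and the sample lines, request paths and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# The two IP addresses from Oracle's IoCs as listed in the overview above.
IOC_IPS = {ipaddress.ip_address("200.107.207.26"),
           ipaddress.ip_address("185.181.60.11")}

# Assumption: Apache-style line -> client ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
# Any IPv4 literal elsewhere in the line, e.g. a forwarded-for field added by a proxy.
IPV4_RE = re.compile(r'(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])')

def _normalise(token):
    """Parse token as an IP, unwrapping IPv4-mapped IPv6; None if it is not an IP."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return None
    return getattr(ip, "ipv4_mapped", None) or ip

def find_ioc_hits(lines):
    """Return {ioc_ip: [(line_no, timestamp, request, status), ...]}."""
    hits = defaultdict(list)
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        tokens = set(IPV4_RE.findall(line))
        if m:
            tokens.add(m.group("client"))
        # Normalise first so one address written two ways is counted once per line.
        for ip in {_normalise(t) for t in tokens} & IOC_IPS:
            rec = (no, m["ts"], m["req"], m["status"]) if m else (no, None, line.strip(), None)
            hits[str(ip)].append(rec)
    return dict(hits)

# Constructed sample lines; paths and non-IoC addresses are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Aug/2025:10:00:01 +0000] "GET /example/index.html HTTP/1.1" 200 512',
    '200.107.207.26 - - [09/Aug/2025:10:00:05 +0000] "POST /example/path HTTP/1.1" 200 128',
    '::ffff:185.181.60.11 - - [09/Aug/2025:10:01:00 +0000] "GET /example/path HTTP/1.1" 404 0',
    '198.51.100.7 - - [09/Aug/2025:10:02:00 +0000] "GET /example/path HTTP/1.1" 200 64 "-" "-" 200.107.207.26',
    '200.107.207.260 - - [09/Aug/2025:10:03:00 +0000] "GET / HTTP/1.1" 200 1',
]

if __name__ == "__main__":
    for ip, recs in find_ioc_hits(SAMPLE_LOG).items():
        for no, ts, req, status in recs:
            print(f"{ip} line {no} [{ts}] {req!r} -> {status}")
```

A hit is a lead for further investigation rather than proof of compromise, and an empty result does not rule out access from other addresses.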