New Zero-Day Vulnerability in Oracle E-Business Suite Triggers Widespread Cyberattacks and Security Breach
Oracle E-Business Suite users face major cybersecurity risks after a data theft incident linked to a zero-day flaw. Security experts recommend immediate patching and stronger data protection measures.
A major cybersecurity incident recently shook Oracle E-Business Suite (EBS) users around the world. The Cl0p ransomware group has been identified as the actor behind a data theft and extortion campaign targeting Oracle business software users. Oracle has also revealed that the hackers took advantage of a zero-day vulnerability, worsening the attack.
The issue originally surfaced when the Google Threat Intelligence Group (GTIG) and Mandiant discovered a series of extortion emails sent to executives via Oracle E-Business Suite. The emails, apparently from the Cl0p group, stated that sensitive information had been stolen from their company's Oracle systems. The attackers asked that victims contact them directly, a common ransomware-style extortion strategy.
According to Mandiant's Chief Technology Officer, Charles Carmakal, the hackers started collecting data from Oracle EBS users in August and launched their campaign in late September. Oracle first claimed that the problem was due to previously patched vulnerabilities, but its Chief Security Officer, Rob Duhart, recently stated that a major zero-day flaw, known as CVE-2025-61882, was actively exploited.
This vulnerability, rated 9.8 on the CVSS scale, enables remote code execution without authentication. It affects Oracle E-Business Suite versions 12.2.3 to 12.2.14, mostly the BI Publishing Integration component. In response, Oracle offered security patches and indicators of compromise (IoCs) to assist enterprises in detecting possible breaches. Mandiant recommends that enterprises evaluate their systems quickly for indicators of earlier compromise, regardless of when they upgrade.
This event demonstrates how zero-day vulnerabilities continue to pose a significant danger to organizational security. To avoid future attacks, organizations using Oracle EBS should apply patches as soon as possible, strengthen monitoring systems, and implement strong cybersecurity measures.
Information referenced in this article is from Security Week