Oracle Rushes Out EBS Fix After Cl0p Ransomware Exploits Critical Vulnerability
Oracle has swiftly issued a fix for a critical vulnerability (CVE-2025-61882) in its E-Business Suite (EBS) software, following its exploitation in a recent extortion email campaign by the Cl0p ransomware group. The fix, released on October 4, 2025, addresses the threat posed by the group, which has been actively exploiting the flaw since August.
The vulnerability in the BI Publisher component of Oracle Concurrent Processing allows unauthenticated remote threat actors to achieve remote code execution. Oracle has confirmed that the exploit was used in the recent campaign targeting EBS customers. To apply the fix, customers must first install the October 2023 Critical Patch Update. Additionally, Arctic Wolf recommends patching other EBS vulnerabilities addressed in Oracle's July 2025 Critical Patch Update, which were also involved in the campaign.
A proof-of-concept exploit for the vulnerability has been circulating via private Telegram channels, increasing the risk. Since August 2025, the Cl0p ransomware group has successfully exfiltrated large volumes of data from over 2,700 organizations worldwide through similar critical vulnerabilities, including high-profile targets like the BBC and US government agencies.
Given the severity of the threat and the widespread impact of the Cl0p ransomware group's activities, Arctic Wolf strongly recommends that Oracle EBS customers upgrade to the latest fixed version to mitigate the risk of CVE-2025-61882. Oracle's prompt response to the vulnerability underscores the importance of regular patching and staying updated with the latest security measures.
