Cl0p Ransomware Exploits Critical Oracle E-Business Suite Vulnerability in Widespread Attacks

In early October 2025, Oracle urgently released a patch to address a critical zero-day vulnerability, identified as CVE-2025-61882, within its E-Business Suite (EBS). This flaw, carrying a severity score of 9.8 out of 10, enables unauthenticated remote code execution via HTTP, allowing attackers to gain full control over the system’s Oracle Concurrent Processing component. The vulnerability affects EBS versions 12.2.3 through 12.2.14. ([techradar.com](https://www.techradar.com/pro/security/oracle-forced-to-rush-out-patch-for-zero-day-exploited-in-attacks?utm_source=openai))

The Cl0p ransomware group has been actively exploiting this vulnerability since August 2025. Their campaign involves sending extortion emails to executives at various U.S. organizations, claiming to have stolen sensitive data from their Oracle EBS systems. These emails, which began circulating around September 29, 2025, demand substantial ransom payments, in some cases up to $50 million. ([reuters.com](https://www.reuters.com/business/google-says-hackers-are-sending-extortion-emails-executives-2025-10-02/?utm_source=openai))

Google’s Threat Intelligence Group (GTIG) and cybersecurity firm Mandiant have been investigating these attacks. Initial findings suggest that the Cl0p group utilized compromised email accounts to send these extortion messages. Some of these accounts have been linked to the FIN11 cybercrime group, indicating potential collaboration or shared resources between these entities. Additionally, certain emails included contact addresses previously associated with Cl0p’s data leak site, further suggesting a connection between the groups. ([techradar.com](https://www.techradar.com/pro/security/ransomware-hackers-claim-oracle-app-breach-tell-victims-their-data-has-been-stolen?utm_source=openai))

Oracle has confirmed that customers of its E-Business Suite have been targeted by these extortion emails. The company has urged users to update their systems promptly to mitigate the risk of exploitation. While Oracle has not disclosed the exact number of affected clients, the widespread nature of the attacks underscores the critical importance of applying the provided security patches without delay. ([reuters.com](https://www.reuters.com/business/oracle-says-hackers-are-trying-extort-its-customers-2025-10-03/?utm_source=openai))

The exploitation of CVE-2025-61882 by Cl0p highlights a concerning trend in cyberattacks, in which threat actors increasingly target enterprise applications to maximize their impact. Organizations using Oracle EBS are advised to audit their systems thoroughly for any signs of unauthorized access or suspicious activity. Applying the latest security updates and maintaining vigilant monitoring are essential steps in safeguarding the sensitive business functions managed through Oracle’s software, such as financials, human resources, and supply chain. ([itpro.com](https://www.itpro.com/security/google-warns-executives-are-being-targeted-for-extortion-with-leaked-oracle-data?utm_source=openai))