On October 4, 2025, Oracle disclosed a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite (EBS), rated 9.8 (Critical) under CVSS v3.1. The flaw allows unauthenticated remote code execution via the BI Publisher integration within the Concurrent Processing component, and has been actively exploited by the Cl0p ransomware group.
Key Highlights
-
Affected Versions: Oracle EBS 12.2.3 to 12.2.14
-
Attack Vector: Network (HTTP) – no authentication required
-
Severity: CVSS 9.8 (Critical)
-
Exploited By: Cl0p ransomware group (linked to MOVEit attacks)
-
Impact: Full system compromise, data exfiltration, and potential ransomware deployment
-
Mitigation: Immediate application of Oracle’s emergency patch or restriction of external access to EBS servers
The report provides detailed indicators of compromise (IoCs), threat activity timelines, and recommended response steps to contain and remediate active exploitation.
Read the complete report here. Oracle E-Business Zero Day Report.