Oracle has confirmed active exploitation of a critical zero-day vulnerability in its E-Business Suite (EBS), rated 9.8 on the CVSS v3 scale.
Identified as CVE-2025-61882, the flaw affects the Business Intelligence Publisher (BI Publisher) integration within Oracle’s Concurrent Processing component. It allows remote attackers to execute arbitrary code on affected systems without authentication, giving full control over the compromised server.
The discovery follows a series of extortion attempts by the Clop ransomware group, which contacted Oracle EBS customers claiming to have stolen sensitive business data. Oracle’s internal investigation linked these compromises to exploitation of the CVE-2025-61882 zero-day, prompting the company to issue an emergency security alert on October 4.
While Oracle has focused on CVE-2025-61882, reports suggest that attackers may have also leveraged vulnerabilities previously addressed in the July 2025 Critical Patch Update, including CVE-2025-30743, CVE-2025-30744, and CVE-2025-50105, all rated between 5.4 and 8.1 in severity. These flaws span multiple EBS modules, from Lease and Finance Management to the Universal Work Queue.
The Clop Group, also known as TA505 or FIN11, has been active since 2019 and is notorious for large-scale data theft and extortion campaigns. The group has previously exploited zero-day vulnerabilities in major file transfer platforms such as MOVEit Transfer and GoAnywhere. Their latest campaign underscores a continued focus on targeting enterprise software with unpatched or newly discovered vulnerabilities.
Public proof-of-concept exploits for this vulnerability surfaced on October 6, further increasing the urgency for organizations to patch. The issue affects EBS versions 12.2.3 through 12.2.14, with fixes now available. Oracle notes that the October 2023 Critical Patch Update must be applied before installing the new patches.
Holm Security has released the following plugins to scan for these vulnerabilities:
If you have any questions, don't hesitate to reach out.