Oracle has released an urgent patch for E-Business Suite after the Clop cyberattacks that stole executives’ data. The vulnerability CVE-2025-61882 is already being actively exploited.
Oracle fixes zero-day vulnerability after attacks on corporate data
Oracle has released a security update for its key product, Oracle E-Business Suite, after the Clop hacker group began using a new zero-day vulnerability to steal the personal data of corporate executives.
Oracle Chief Security Officer Rob Duhart said that a patch has been released for the flaw, which allows the system to be attacked without logging in with a username and password. The company urged customers to install the update immediately, as attackers are already actively exploiting the vulnerability.
CVE-2025-61882: A New Threat to Business
The CVE-2025-61882 vulnerability allows attackers to target E-Business Suite servers remotely and steal sensitive customer and employee data. Oracle has published indicators of compromise to help companies detect signs of intrusion.
“This vulnerability is being exploited in real time, and we advise all customers to install the patch immediately,” Oracle said.
Exploitation and Extortion
The situation changed after a wave of extortion attempts against corporate executives came to light, which Oracle initially considered to be over. However, the new vulnerability shows that Clop continues to exploit unknown bugs that were left out of the July updates.
According to Google Mandiant, attackers are sending ransom emails, threatening to publish the personal data of top managers stolen from corporate servers.
“Clop is carrying out massive attacks with the aim of stealing data and blackmailing. We recorded the most activity in August,” said Mandiant CTO Charles Carmakal.
Global scale and risks
Oracle E-Business Suite is used by thousands of companies around the world to manage finances, personnel and customer bases. Therefore, zero-day attacks can have a cascading effect, disabling business processes and opening the way for further attacks.
Although Oracle reacted quickly, experts emphasize that attackers have already made use of the exploitation window, and data compromise could affect hundreds of companies.
Summary
Oracle’s zero-day vulnerability has once again confirmed that even the largest players are not immune to attacks. Companies are advised to immediately update E-Business Suite, check access logs and change credentials to increase cyber resilience.