Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Posted on By CWS

Oct 06, 2025Ravie LakshmananVulnerability / Risk Intelligence
Oracle has launched an emergency replace to handle a vital safety flaw in its E-Enterprise Suite that it mentioned has been exploited within the current wave of Cl0p information theft assaults.
The vulnerability, tracked as CVE-2025-61882 (CVSS rating: 9.8), issues an unspecified bug that would enable an unauthenticated attacker with community entry through HTTP to compromise and take management of the Oracle Concurrent Processing element.
“This vulnerability is remotely exploitable with out authentication, i.e., it could be exploited over a community with out the necessity for a username and password,” Oracle mentioned in an advisory. “If efficiently exploited, this vulnerability could end in distant code execution.”
In a separate alert, Oracle’s Chief Safety Officer Rob Duhart mentioned the corporate has launched fixes for CVE-2025-61882 to “present updates towards extra potential exploitation that have been found throughout our investigation.”

As indicators of compromise (IoCs), the expertise shared the next IP addresses and artifacts, indicating the probably involvement of the Scattered LAPSUS$ Hunters group as properly within the exploit –

Information of the Oracle zero-day comes days after experiences emerged of a brand new marketing campaign probably undertaken by the Cl0p ransomware group focusing on Oracle E-Enterprise Suite. Google-owned Mandiant described the continuing exercise as a “high-volume e-mail marketing campaign” launched from a whole lot of compromised accounts.
In a put up shared on LinkedIn, Charles Carmakal, CTO of Mandiant at Google Cloud, mentioned “Cl0p exploited a number of vulnerabilities in Oracle EBS which enabled them to steal massive quantities of knowledge from a number of victims in August 2025,” including “a number of vulnerabilities have been exploited together with vulnerabilities that have been patched in Oracle’s July 2025 replace in addition to one which was patched this weekend (CVE-2025-61882).”
“Given the broad mass zero-day exploitation that has already occurred (and the n-day exploitation that can probably proceed by different actors), no matter when the patch is utilized, organizations ought to look at whether or not they have been already compromised,” Carmakal famous.
(This can be a growing story. Please test again for extra particulars.)

The Hacker News Tags:, , , , , , , ,

Related Posts

Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks The Hacker News
Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat Fake Booking Emails Redirect Hotel Staff to Fake BSoD Pages Delivering DCRat The Hacker News
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs The Hacker News
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security The Hacker News
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans The Hacker News
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack The Hacker News