Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Posted on By CWS

The infamous Clop ransomware gang has listed Oracle on its darkish internet leak website, alleging a profitable breach of the tech big’s inside programs.

This growth is a part of a large extortion marketing campaign exploiting a crucial zero-day vulnerability in Oracle E-Enterprise Suite (EBS), designated as CVE-2025-61882.

The group, tracked as Sleek Spider, claims to have exfiltrated delicate information from Oracle and dozens of its high-profile prospects, marking a big escalation in provide chain assaults harking back to the MOVEit incident.​

The Zero-Day Exploit: CVE-2025-61882

The assault vector facilities on a crucial, unauthenticated distant code execution (RCE) vulnerability in Oracle E-Enterprise Suite.

Safety researchers point out that Clop associates started exploiting this flaw as early as August 2025, months earlier than Oracle launched a patch in October 2025.

The exploit chain particularly targets the OA_HTML/SyncServlet endpoint to bypass authentication, adopted by malicious XSLT template injection through OA_HTML/RF.jsp to execute arbitrary instructions.

This “pre-auth” nature allowed attackers to compromise servers with out legitimate credentials, granting them full management over delicate ERP information.​

Vulnerability DetailTechnical SpecificationCVE IDCVE-2025-61882Affected ProductOracle E-Enterprise Suite (Variations 12.2.3 – 12.2.14)Vulnerability TypeUnauthenticated Distant Code Execution (RCE)CVSS Score9.8 (Important)Exploit VectorAuthentication Bypass through SyncServlet & XSLT InjectionPatch StatusPatched (October 2025 Safety Alert)

Extortion Marketing campaign and Excessive-Profile Victims

Proof from Clop’s leak website shows a “PAGE CREATED” standing for ORACLE.COM, showing alongside main entities comparable to MAZDA.COM, HUMANA.COM, and the Washington Put up.

The itemizing of Oracle Company itself suggests the seller might have fallen sufferer to its personal software program flaw, doubtlessly exposing inside company information.

Victims report receiving extortion emails from addresses like assist@pubstorm[.]com, threatening the discharge of economic and private data if ransom calls for usually are not met.​

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Microsoft Reveals Techniques To Defending Against Advancing AiTM Attacks Cyber Security News
Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web Cyber Security News
CodeIgniter Vulnerability Exposes Million of Webapps to File Upload Attacks Cyber Security News
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors Cyber Security News
U.S. Authorities Investigating Malicious Email Targeting Trade Talks with China Cyber Security News
15+ Weaponized npm Packages Attacking Windows Systems to Deliver Vidar Malware Cyber Security News