Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Posted on By CWS

The infamous Clop ransomware gang has listed Oracle on its darkish internet leak website, alleging a profitable breach of the tech big’s inside programs.

This growth is a part of a large extortion marketing campaign exploiting a crucial zero-day vulnerability in Oracle E-Enterprise Suite (EBS), designated as CVE-2025-61882.

The group, tracked as Sleek Spider, claims to have exfiltrated delicate information from Oracle and dozens of its high-profile prospects, marking a big escalation in provide chain assaults harking back to the MOVEit incident.​

The Zero-Day Exploit: CVE-2025-61882

The assault vector facilities on a crucial, unauthenticated distant code execution (RCE) vulnerability in Oracle E-Enterprise Suite.

Safety researchers point out that Clop associates started exploiting this flaw as early as August 2025, months earlier than Oracle launched a patch in October 2025.

The exploit chain particularly targets the OA_HTML/SyncServlet endpoint to bypass authentication, adopted by malicious XSLT template injection through OA_HTML/RF.jsp to execute arbitrary instructions.

This “pre-auth” nature allowed attackers to compromise servers with out legitimate credentials, granting them full management over delicate ERP information.​

Vulnerability DetailTechnical SpecificationCVE IDCVE-2025-61882Affected ProductOracle E-Enterprise Suite (Variations 12.2.3 – 12.2.14)Vulnerability TypeUnauthenticated Distant Code Execution (RCE)CVSS Score9.8 (Important)Exploit VectorAuthentication Bypass through SyncServlet & XSLT InjectionPatch StatusPatched (October 2025 Safety Alert)

Extortion Marketing campaign and Excessive-Profile Victims

Proof from Clop’s leak website shows a “PAGE CREATED” standing for ORACLE.COM, showing alongside main entities comparable to MAZDA.COM, HUMANA.COM, and the Washington Put up.

The itemizing of Oracle Company itself suggests the seller might have fallen sufferer to its personal software program flaw, doubtlessly exposing inside company information.

Victims report receiving extortion emails from addresses like assist@pubstorm[.]com, threatening the discharge of economic and private data if ransom calls for usually are not met.​

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads Cyber Security News
DuckDuckGo Rolls Out New Scam Blocker to Protect Users from Online Threats Cyber Security News
0-Click ChatGPT Agent Vulnerability Allows Sensitive Data Exfiltration from Gmail Cyber Security News
Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine Cyber Security News
New Domain-fronting Attack Uses Google Meet, YouTube, Chrome and GCP to Tunnel Traffic Cyber Security News
OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites Cyber Security News