The cybersecurity agency CISA has confirmed that an Oracle E-Business Suite (EBS) vulnerability patched earlier this month has been exploited in the wild.
Dozens of Oracle customers have been targeted in a campaign that involved data theft from their EBS instances. The cybercriminals, likely a cluster of a threat group named FIN11, stole significant amounts of data and attempted to extort victims.
The attackers exploited EBS vulnerabilities to gain access to data, but Oracle and the cybersecurity community have yet to share definitive information on which flaws were exploited.
Oracle initially said known flaws patched in July were involved, and later announced that a zero-day tracked as CVE-2025-61882 was also apparently exploited in the campaign.
A few days later, on October 11, the software giant announced fixes for CVE-2025-61884, which can be exploited remotely without authentication and without user interaction to gain access to sensitive data.
However, Oracle’s advisory did not and still does not provide any indication that CVE-2025-61884 has been exploited in attacks. Only the timing of the patch suggested that CVE-2025-61884 too has been leveraged by the attackers.
CISA, however, on Monday added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog, confirming its exploitation. With the flaw added to CISA’s KEV catalog, federal agencies are required to apply mitigations by November 10.
Bleeping Computer reported last week that CVE-2025-61884 corresponds to a PoC exploit leaked by Scattered Lapsus$ Hunter (a partnership between the Scattered Spider and ShinyHunters groups) shortly after the Oracle EBS hacking campaign came to light. It was initially believed that the PoC corresponds to CVE-2025-61882.
Regardless of which vulnerabilities were exploited as n-day or zero-day vulnerabilities, it appears that up-to-date Oracle EBS installations should not be susceptible to attacks, based on what Bleeping Computer learned from various security firms.
The extortion emails sent to victims were signed by the Cl0p group, which has gained notoriety over the past years, particularly due to similar campaigns targeting Cleo, MOVEit, and Fortra file transfer products through the exploitation of zero-day vulnerabilities.
At the time of writing, four alleged victims of the Oracle EBS hack have been listed on the Cl0p ransomware leak website: Harvard University, American Airlines (subsidiary Envoy Air), South Africa’s University of the Witwatersrand, and industrial giant Emerson.
Emerson is the only one of them that has yet to confirm being impacted, and the company has not responded to SecurityWeek’s request for comment.