Oracle over the weekend introduced the provision of a patch for an additional extreme E-Enterprise Suite (EBS) vulnerability that may be exploited to achieve entry to delicate knowledge.
The newly patched flaw is tracked as CVE-2025-61884 and it has been assigned a ‘excessive severity’ score. In response to Oracle’s advisory, it impacts the Runtime UI part of Oracle Configurator and it may be exploited remotely with out authentication and with out requiring person interplay.
The disclosure and patching of CVE-2025-61884 comes roughly two weeks after executives at dozens of organizations acquired extortion emails claiming that delicate info had been stolen from their EBS occasion.
Oracle initially stated the assaults exploited vulnerabilities patched in July 2025. It later admitted {that a} zero-day tracked as CVE-2025-61882 was additionally doubtless exploited.
Over the weekend, Oracle knowledgeable prospects about CVE-2025-61884, however has not stated whether or not it has been exploited. It’s doable that CVE-2025-61884 was found through the investigation into CVE-2025-61882 and it might be exploited in comparable assaults, nevertheless it hasn’t truly been used within the wild.
“[CVE-2025-61884] impacts some deployments of Oracle E-Enterprise Suite,” stated Rob Duhart, the CSO of Oracle. “If efficiently exploited, this vulnerability might enable entry to delicate assets.”
However, it’s nonetheless unclear precisely which CVEs and CVE mixtures have been exploited within the current assault.
The assaults focusing on Oracle EBS prospects have been claimed by the Cl0p group (doubtless because of its repute), however Google Risk Intelligence Group (GTIG) and Mandiant have discovered a number of hyperlinks to the FIN11 cybercrime group, which has been recognized to make use of the Cl0p ransomware in a few of its assaults. Nonetheless, GTIG and Mandiant have but to confidently attribute the assault to a selected menace group.Commercial. Scroll to proceed studying.
Along with exploiting vulnerabilities, the menace actors used refined malware to attain their objectives.
The hackers are believed to have stolen important quantities of knowledge from among the victims, which isn’t stunning. Earlier large-scale campaigns linked to FIN11 and Cl0p resulted within the theft of delicate info from Cleo, MOVEit, Fortra and Accellion file switch merchandise prospects.
Associated: Cisco, Fortinet, Palo Alto Networks Gadgets Focused in Coordinated Marketing campaign
Associated: The Y2K38 Bug Is a Vulnerability, Not Only a Date Drawback, Researchers Warn
Associated: All SonicWall Cloud Backup Customers Had Firewall Configurations Stolen
