Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Posted on By CWS

The infamous Clop ransomware gang has listed Oracle on its darkish internet leak website, alleging a profitable breach of the tech big’s inside programs.

This growth is a part of a large extortion marketing campaign exploiting a crucial zero-day vulnerability in Oracle E-Enterprise Suite (EBS), designated as CVE-2025-61882.

The group, tracked as Sleek Spider, claims to have exfiltrated delicate information from Oracle and dozens of its high-profile prospects, marking a big escalation in provide chain assaults harking back to the MOVEit incident.​

The Zero-Day Exploit: CVE-2025-61882

The assault vector facilities on a crucial, unauthenticated distant code execution (RCE) vulnerability in Oracle E-Enterprise Suite.

Safety researchers point out that Clop associates started exploiting this flaw as early as August 2025, months earlier than Oracle launched a patch in October 2025.

The exploit chain particularly targets the OA_HTML/SyncServlet endpoint to bypass authentication, adopted by malicious XSLT template injection through OA_HTML/RF.jsp to execute arbitrary instructions.

This “pre-auth” nature allowed attackers to compromise servers with out legitimate credentials, granting them full management over delicate ERP information.​

Vulnerability DetailTechnical SpecificationCVE IDCVE-2025-61882Affected ProductOracle E-Enterprise Suite (Variations 12.2.3 – 12.2.14)Vulnerability TypeUnauthenticated Distant Code Execution (RCE)CVSS Score9.8 (Important)Exploit VectorAuthentication Bypass through SyncServlet & XSLT InjectionPatch StatusPatched (October 2025 Safety Alert)

Extortion Marketing campaign and Excessive-Profile Victims

Proof from Clop’s leak website shows a “PAGE CREATED” standing for ORACLE.COM, showing alongside main entities comparable to MAZDA.COM, HUMANA.COM, and the Washington Put up.

The itemizing of Oracle Company itself suggests the seller might have fallen sufferer to its personal software program flaw, doubtlessly exposing inside company information.

Victims report receiving extortion emails from addresses like assist@pubstorm[.]com, threatening the discharge of economic and private data if ransom calls for usually are not met.​

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Advanced Linux Rootkits Exploit eBPF and io_uring Advanced Linux Rootkits Exploit eBPF and io_uring Cyber Security News
Microsoft Releases Windows 11 Cumulative Updates (KB5063878, KB5063875) August 2025 with New Features Microsoft Releases Windows 11 Cumulative Updates (KB5063878, KB5063875) August 2025 with New Features Cyber Security News
Top 10 Best API Penetration Testing Companies In 2025 Top 10 Best API Penetration Testing Companies In 2025 Cyber Security News
INE Expands Cross-Skilling Innovations INE Expands Cross-Skilling Innovations Cyber Security News
CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks Cyber Security News
AI-Enhanced NGate Malware Targets NFC Payment Apps AI-Enhanced NGate Malware Targets NFC Payment Apps Cyber Security News