Following reports that the Cl0p ransomware group has been extorting Oracle E-Business Suite customers, Oracle released an advisory for a zero-day that was exploited in the wild.
Background
Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed Oracle zero-day vulnerability that was exploited in the wild, along with other recently patched vulnerabilities that were part of Oracle’s initial investigation.
FAQ
What is the Oracle zero-day vulnerability?
On October 4, Oracle published a Security Alert Advisory for a new zero-day vulnerability in E-Business Suite (EBS), Oracle’s integrated business application suite for various business functions including order management, logistics, procurement and more.
What is the CVE for this Oracle zero-day vulnerability?
CVE | Description | Affected Component | CVSSv3 |
---|---|---|---|
CVE-2025-61882 | Oracle Concurrent Processing Remote Code Execution Vulnerability | Business Intelligence Publisher (BI Publisher) Integration | 9.8 |
Was CVE-2025-61882 exploited in the wild as a zero-day?
Yes. As part of its Security Alert Advisory, Oracle included multiple indicators of compromise (IOCs). Additionally, a blog post from Rob Duhart, Chief Security Officer at Oracle, was updated to highlight the discovery of this zero-day during its investigation into reports of these compromises.
What are these reports of Oracle EBS customers being compromised?
On October 2, there were reports that Oracle customers received emails from the ransomware group known as Cl0p claiming to have stolen information from their EBS systems. On October 3, Oracle confirmed the reports of attempted extortion, adding that their preliminary invest
[…]