Oracle zero-day exploited by Clop ransomware group in large-scale data theft campaign

Source: CyberScoop

Oracle revealed a critical zero-day vulnerability, CVE-2025-61882, affecting its E-Business Suite that the ransomware group Clop exploited as part of an extensive data theft and extortion campaign. The vulnerability enables attackers to achieve remote code execution without authentication and carries a CVSS score of 9.8, reflecting the severity of the flaw. The disclosure came eight weeks after the first known exploitation on August 9, indicating a prolonged period during which attackers stole data undetected.

Clop leveraged multiple vulnerabilities, including the zero-day, chaining at least five distinct bugs to accomplish pre-authenticated remote code execution, demonstrating advanced attacker skill and effort. The group targeted multiple victims globally, stealing large volumes of data before sending extortion demands reaching up to $50 million. This attack highlights the risks posed by sophisticated ransomware groups exploiting critical vulnerabilities in widely used enterprise resource planning systems.

The FBI and CISA consider this zero-day an emergency risk, given Oracle E-Business Suite’s critical role in major enterprises and public sector environments. The incident also illustrates the broader threat posed by Clop’s operations, which combine financial extortion with potential geopolitical motives due to links with Russia-aligned cybercrime networks. The ongoing risk of further vulnerabilities related to this campaign remains high, underscoring the importance of timely patching and threat monitoring.

👉 Read the original: CyberScoop