Data theft and extortion campaigns
Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment.
Common Vulnerabilities and Exposures
Background
CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite’s Concurrent Processing component. The flaw is remotely exploitable over HTTP without authentication, allowing attackers to execute arbitrary code and fully compromise affected systems.
Cl0p is the actor behind prior mass exploitation, data theft, and extortion campaigns impacting customers of MOVEit and other managed file transfer solutions.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Oracle has released an out-of-band security patch to address the issue. Immediate patching or compensating controls are strongly recommended for all vulnerable EBS deployments.
- October 06, 2025: FortiGuard released a Threat Signal.
  https://www.fortiguard.com/threat-signal-report/6205/oracle-e-business-suite-rce-vulnerability
- October 05, 2025: Report of mass exploitation of multiple Oracle E-Business Suite (EBS) vulnerabilities, including a 0-day, by Clop for data theft and extortion.
  https://www.linkedin.com/feed/update/urn:li:activity:7380595612443893760/
- October 04, 2025: Oracle released emergency security updates to address CVE-2025-61882.
  https://blogs.oracle.com/security/post/apply-july-2025-cpu
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV
- AV (Pre-filter)
- IPS
- Web App Security
- IOC
- Outbreak Detection
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Monitoring (Inside & Outside)
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.