Oracle Takes Swift Action with Emergency Patch for Critical E-Business Suite Vulnerability

Oracle Issues Emergency Security Update for E-Business Suite Vulnerability

Over the weekend, Oracle released an urgent security update to address a critical vulnerability in its E-Business Suite (EBS) that could be exploited remotely by unauthorized attackers.

Identified as CVE-2025-61884, this flaw in the Runtime UI component impacts EBS versions 12.2.3 to 12.2.14, posing a risk of unauthorized access to sensitive data if successfully exploited by threat actors.

Oracle emphasized the importance of applying the provided updates or mitigations promptly, as the vulnerability carries a CVSS Base Score of 7.5 and could lead to unauthorized access to critical resources.

The patch for CVE-2025-61884 comes on the heels of a recent Clop extortion campaign that targeted executives at various organizations, with Oracle linking the attack to previously patched EBS vulnerabilities and the newly discovered CVE-2025-61882.

Cybersecurity experts have observed the Clop group exploiting CVE-2025-61882 since early August, leveraging the vulnerability for data theft attacks. The discovery of a proof-of-concept exploit leaked online by cybercriminals further underscores the severity of the vulnerability.

Oracle has not confirmed any active exploitation of CVE-2025-61884 in the wild but advises organizations to apply the out-of-band patch promptly due to the ongoing targeting of internet-facing EBS instances.

Stay Informed with the Breach and Attack Simulation Summit

Join the Breach and Attack Simulation Summit to explore the future of security validation. Learn from industry experts about the impact of AI-powered BAS on breach and attack simulation.

Don’t miss this opportunity to shape the future of your security strategy. Register now for the event!

See also  Cisco's Triumph: Resolving the Longstanding AsyncOS Vulnerability

Register Now