On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update.
The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors:
| Vulnerability | Affected Product |
| CVE-2025-30743 | Oracle Lease and Finance Management |
| CVE-2025-30744 | Oracle Mobile Field Service |
| CVE-2025-50105 | Oracle Universal Work Queue |
| CVE-2025-50071 | Oracle Applications Framework |
| CVE-2025-30746 | Oracle iStore |
| CVE-2025-30745 | Oracle iStore |
| CVE-2025-50107 | Oracle Universal Work Queue |
| CVE-2025-30739 | Oracle CRM Technical Foundation |
| CVE-2025-50090 | Oracle Applications Framework |
In the days prior to Oracle’s announcement, Arctic Wolf observed multiple open-source reports of organizations receiving extortion emails from a threat actor claiming affiliation with the Cl0p ransomware group. These emails, sent from various compromised accounts, were often directed at organizational executives.
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of your impacted EBS product.
| Product | Affected Version | Fixed Version |
| Oracle Lease and Finance Management | 12.2.13 | Patch availability document |
| Oracle Mobile Field Service | 12.2.3-12.2.13 | |
| Oracle Universal Work Queue | 12.2.3-12.2.14 | |
| Oracle Applications Framework | 12.2.3-12.2.14 | |
| Oracle iStore | 12.2.3-12.2.14 | |
| Oracle iStore | 12.2.12-12.2.13 | |
| Oracle Universal Work Queue | 12.2.5-12.2.14 | |
| Oracle CRM Technical Foundation | 12.2.11-12.2.13 | |
| Oracle Applications Framework | 12.2.3-12.2.14 |
Note: Oracle E-Business Suite (EBS) relies on Oracle Database and Fusion Middleware, which are affected by other vulnerabilities in the July 2025 update. EBS exposure depends on the versions of these components, so Oracle recommends applying the July 2025 Critical Patch Update to both Database and Fusion Middleware. More information is available in Oracle’s support note.
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
References
Resources
Understand the threat landscape with our annual review highlighting cyber threats with the 2025 Security Operations Report.
See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster.
