On October 4, 2025, Oracle released a fix for a newly disclosed critical vulnerability, tracked as CVE-2025-61882, linked to recent extortion emails received by some Oracle E-Business Suite (EBS) customers. This vulnerability allows unauthenticated remote threat actors to achieve remote code execution and resides in the BI Publisher component of Oracle Concurrent Processing. CVE-2025-61882 was among several other EBS vulnerabilities, addressed in Oracle’s July 2025 update, that were also exploited in this campaign.
Google has confirmed that the Cl0p ransomware group has successfully exfiltrated large volumes of data from multiple victim environments since August 2025. Additionally, a proof-of-concept exploit has been shared via private Telegram channels, and Oracle has confirmed in their advisory that it was used in this activity. Given the level of access these vulnerabilities can provide, the availability of exploit code, and the potential for significant data theft, it is highly likely that threat actors will continue targeting them in the near future.
Recommendation for CVE-2025-61882
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| Oracle E-Business Suite | 12.2.3 – 12.2.14 | Patch Availability Document |
Note: The October 2023 Critical Patch Update is a prerequisite for application of these updates. Additionally, Arctic Wolf also recommends patching the EBS vulnerabilities addressed in Oracle’s July 2025 Critical Patch Update, which were originally reported to be involved in this campaign.
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
References
Resources
Understand the threat landscape with our annual review highlighting cyber threats with the 2025 Security Operations Report.
See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster.
