CVE-2025-61882

critical

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

From the Tenable Blog

CVE-2025-61882 Cl0p Exploited Oracle Zero-Day | Tenable®

Published: 2025-10-06

Oracle patches EBS zero-days CVE-2025-61882, exploited by Cl0p, and related flaw CVE-2025-61884. Get the latest details on these critical security updates.

References

https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

https://www.bleepingcomputer.com/news/security/oracles-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/

https://www.securityweek.com/oracle-patches-ebs-vulnerability-allowing-access-to-sensitive-data/

https://www.bleepingcomputer.com/news/security/harvard-investigating-breach-linked-to-oracle-zero-day-exploit/

https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html

https://www.securityweek.com/sophisticated-malware-deployed-in-oracle-ebs-zero-day-attacks/

https://www.infosecurity-magazine.com/news/google-clop-data-oracle-exploit/

https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html

https://securityaffairs.com/183183/malware/rondodox-botnet-targets-56-flaws-across-30-device-types-worldwide.html

https://www.databreachtoday.com/clop-attacks-against-oracle-e-business-suite-trace-to-july-a-29692

https://cyberscoop.com/oracle-customers-attacks-clop-google-mandiant/

https://www.hipaajournal.com/cl0p-mass-exploiting-zero-day-vulnerability-oracle-e-business-suite/

https://www.infosecurity-magazine.com/news/ncsc-patch-critical-oracle-ebs-bug/

https://www.helpnetsecurity.com/2025/10/07/leaked-oracle-ebs-exploit-attacks-cve-2025-61882/

https://www.databreachtoday.com/oracle-zero-day-more-being-exploited-by-ransomware-group-a-29663

https://securityaffairs.com/183049/security/u-s-cisa-adds-oracle-mozilla-microsoft-windows-linux-kernel-and-microsoft-ie-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/

https://www.theregister.com/2025/10/06/clop_oracle_ebs_zeroday/

https://www.securityweek.com/oracle-e-business-suite-zero-day-exploited-in-cl0p-attacks/

https://www.helpnetsecurity.com/2025/10/06/cl0p-oracle-data-theft-extortion-cve-2025-61882/

https://www.darkreading.com/application-security/clop-ransomware-oracle-customers-zero-day-flaw

https://www.crowdstrike.com/en-us/blog/crowdstrike-identifies-campaign-targeting-oracle-e-business-suite-zero-day-CVE-2025-61882/

https://www.cisa.gov/news-events/alerts/2025/10/06/cisa-adds-seven-known-exploited-vulnerabilities-catalog

https://therecord.media/fbi-uk-urge-orgs-to-patch-after-clop-campaign

https://securityaffairs.com/183029/security/oracle-patches-critical-e-business-suite-flaw-exploited-by-cl0p-hackers.html

https://databreaches.net/2025/10/06/update-on-the-emerging-cl0p-extortion-campaign-targeting-oracle-e-business-suite/?pk_campaign=feed&pk_kwd=update-on-the-emerging-cl0p-extortion-campaign-targeting-oracle-e-business-suite

https://databreaches.net/2025/10/06/update-on-the-emerging-cl0p-extortion-campaign-targeting-oracle-e-business-suite/

https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html

https://blogs.oracle.com/security/post/apply-july-2025-cpu

https://www.inoreader.com/article/3a9c6e775937b86e-oracle-ebs-under-fire-as-cl0p-exploits-cve-2025-61882-in-real-world-attacks

Details

Source: Mitre, NVD

Published: 2025-10-05

Updated: 2025-10-17

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.82344

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest

Detections

Analytics