CVE-2025-61882 Vulnerability: A Critical Oracle E-Business Suite Zero-Day Exploited in Cl0p Data Theft Attacks

October 06, 2025 · 3 min read

Another day brings another security concern. Hot on the heels of CVE-2025-41244, a recently weaponized flaw impacting VMware Tools and VMware Aria Operations, researchers have uncovered a new zero-day flaw. The novel critical Oracle E-Business Suite vulnerability tracked as CVE-2025-61882 has reportedly been exploited in the latest Cl0p-linked data theft campaign.

In 2025, ransomware groups increasingly rely on vulnerability exploitation as a primary entry point into enterprise systems. While social engineering and stolen credentials remain significant attack vectors, vulnerability exploits have become one of the most common methods for initial access. Threat actors show a clear preference for low-friction, high-impact flaws, particularly unauthenticated RCE and vulnerabilities with publicly available proof-of-concept (PoC) exploits. 

With over 37,500 new vulnerabilities logged by NIST this year, the race is on for cybersecurity teams. With vulnerability exploitation remaining a leading initial access vector and threats growing more sophisticated, proactive detection is essential to reducing the attack surface and mitigating risk.

Register now for the SOC Prime Platform to access an extensive library of context-enriched detection rules and AI-driven threat intelligence, helping you stay one step ahead of attacks leveraging emerging vulnerabilities. All the rules are compatible with multiple SIEM, EDR, and Data Lake formats and mapped to the MITRE ATT&CK® framework. Additionally, each rule is enriched with CTI links, attack timelines, audit configurations, triage recommendations, and more relevant context. Press the Explore Detections button to see the entire detection stack for proactive defense against critical vulnerabilities filtered by the “CVE” tag.


Security engineers can also leverage Uncoder AI, an IDE and co-pilot for detection engineering. With Uncoder, defenders can instantly convert IOCs into custom hunting queries, craft detection code from raw threat reports, generate Attack Flow diagrams, enable ATT&CK tags prediction, leverage AI-driven query optimization, and translate detection content across multiple platforms.

CVE-2025-61882 Analysis

Oracle has recently rolled out an emergency update to fix a critical vulnerability in its E-Business Suite, which has been actively exploited in recent Cl0p ransomware data theft attacks. The flaw, tracked as CVE-2025-61882 with a CVSS score of 9.8, allows unauthenticated remote attackers to compromise the Oracle Concurrent Processing component via HTTP and gain full control over affected systems. Impacted versions include 12.2.3 through 12.2.14.

Oracle’s advisory confirms that the vulnerability can be exploited remotely without credentials, leading to RCE. The patch also addresses additional exploitation vectors discovered during the company’s internal investigation. Note the prerequisite: the fix requires that the October 2023 Critical Patch Update already be installed, so instances that are behind on CPUs need that update first. With a public PoC available and evidence of active exploitation, the vendor urges administrators to apply the patch immediately as the primary CVE-2025-61882 mitigation step.
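The two facts a patch team needs from the advisory above are the affected range (12.2.3 through 12.2.14) and the October 2023 CPU prerequisite. The script below is an added example, not code from the original article or from Oracle: it triages a constructed EBS inventory against exactly the range the advisory lists and sorts hosts into "patch now" versus "apply the October 2023 CPU first". The inventory fields (host, version, oct2023_cpu_applied) are assumptions for this example, not a real Oracle inventory format, and versions outside the listed range are reported as such rather than declared safe. It also shows why the version strings must be compared numerically: compared as strings, "12.2.14" sorts before "12.2.3", which would silently drop the newest affected release.

```python
"""Affected-version triage for CVE-2025-61882 (Oracle E-Business Suite).

Added example for this article, not Oracle's or the article author's code.
Inventory fields and hostnames below are constructed assumptions.
"""
from dataclasses import dataclass

# Affected range as stated in Oracle's advisory (inclusive).
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '12.2.14' into (12, 2, 14) so versions compare numerically.

    Comparing the raw strings is a classic mistake: '12.2.14' < '12.2.3'
    lexicographically, which would misclassify the newest affected release.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable EBS version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies in the advisory's affected range (inclusive)."""
    v = parse_version(version)
    if len(v) < 3:
        # Pad so '12.2' compares as 12.2.0; extra components beyond three
        # (e.g. a sub-release) are ignored for the range check.
        v = v + (0,) * (3 - len(v))
    return AFFECTED_MIN <= v[:3] <= AFFECTED_MAX


@dataclass
class EbsInstance:
    host: str
    version: str
    oct2023_cpu_applied: bool  # assumption: tracked by the patch inventory


def triage(instances: list[EbsInstance]) -> dict[str, str]:
    """Map each host to an action.

    'patch'                       -> in range, prerequisite CPU present
    'apply-oct2023-cpu-then-patch'-> in range, October 2023 CPU missing
    'outside-listed-range'        -> not in the advisory's stated range
                                     (not a statement that it is safe)
    Per Mandiant's advice in the article, affected hosts should also be
    hunted for compromise regardless of which action they get here.
    """
    result: dict[str, str] = {}
    for inst in instances:
        if not is_affected(inst.version):
            result[inst.host] = "outside-listed-range"
        elif inst.oct2023_cpu_applied:
            result[inst.host] = "patch"
        else:
            result[inst.host] = "apply-oct2023-cpu-then-patch"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    EbsInstance("ebs-prod-01", "12.2.14", True),
    EbsInstance("ebs-prod-02", "12.2.9", False),
    EbsInstance("ebs-legacy-01", "12.2.2", False),
    EbsInstance("ebs-dev-01", "12.2.3", True),
]


if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {action}")
    # The pitfall the parser avoids: string comparison gets the order wrong.
    print("string compare says 12.2.14 < 12.2.3:", "12.2.14" < "12.2.3")
    print("numeric compare says 12.2.14 < 12.2.3:",
          parse_version("12.2.14") < parse_version("12.2.3"))
```

Feed it your real inventory export in place of `SAMPLE_INVENTORY`; the point of the two-way split is that hosts missing the October 2023 CPU cannot take the emergency fix directly and need to be scheduled for two changes, not one.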

Google-owned Mandiant reported that the adversaries are conducting a large-scale email campaign from hundreds of compromised accounts. Mandiant CTO Charles Carmakal confirmed that Cl0p leveraged this and other Oracle EBS vulnerabilities, including some patched in mid-2025, to steal large volumes of data from multiple victims in August 2025. He emphasized that, given the scale of exploitation and the likelihood of continued attacks by other actors, organizations should proactively investigate for signs of compromise regardless of patching status.

The surge in zero-day attacks on mainstream products, combined with their increasing exploitability, is forcing organizations to adopt faster and more robust strategies to stay ahead of attackers. SOC Prime curates a comprehensive product suite that combines top cybersecurity expertise and AI, is built on zero-trust principles, and is backed by automated technologies and real-time threat intelligence, enabling security teams to outscale modern-day cyber threats, no matter their sophistication. 

