Oracle patches E-Business suite targeted by Cl0p ransomware

Oracle has released a patch for a critical remote code execution (RCE) vulnerability in its E-Business Suite (EBS), as the widely used ERP software package emerges as the latest vector for mass Cl0p (aka Clop) attacks.

The Oracle EBS ecosystem is deeply embedded in enterprises' financial and operational systems, which offers attackers access to a wide range of high-value targets with potentially extreme consequences.

The flaw in question, CVE-2025-61882, is present in EBS versions 12.2.3 to 12.2.14 and affects the Concurrent Processing component, which allows users to run several processes simultaneously.

Rated 9.8 on the CVSS scale, it is considered relatively easy to exploit. Importantly, an unauthenticated attacker can exploit it over the network without any user interaction, leading to RCE.

The Oracle EBS ecosystem, often deeply embedded in financial and operational systems, offers valuable targets with far-reaching business impact.

“Oracle always recommends that customers remain on actively supported versions and apply all security alerts and critical security patches without delay.

“Please note that the October 2023 Critical Patch Update is a prerequisite for applying the updates in this security alert,” the supplier added.

In its advisory, Oracle shared a number of indicators of compromise (IoCs) that appear to link exploitation of CVE-2025-61882 to both the Cl0p ransomware crew and the Scattered Lapsus$ Hunters collective, which is not necessarily implausible, since Scattered Spider has acted as a ransomware affiliate in the past.

Jake Knott, principal security researcher at watchTowr, said that exploitation of EBS appeared to date back to August 2025, and warned that as of Monday October 6, exploit code for CVE-2025-61882 was publicly available.

“At first glance, it looked quite complicated and required real effort to reproduce manually. But now, with working exploit code in circulation, that barrier to entry disappears. It is likely that almost no one patched over the weekend. So we are waking up to a critical vulnerability with publicly available exploit code and unpatched systems everywhere,” Knott said.

“We fully expect to see mass, indiscriminate exploitation by multiple groups within days. If you run Oracle EBS, this is your red alert. Patch immediately, hunt aggressively, and tighten your controls.”

Writing on LinkedIn, Charles Carmakal, chief technology officer and board advisor at Google Cloud's Mandiant, confirmed this, saying that Cl0p had almost certainly exploited many other EBS vulnerabilities, including some that were fixed a couple of months ago. The gang has reportedly been contacting victims since the beginning of last week, but Carmakal added that it may not yet have contacted everyone.

Cl0p warning from history

As was seen in 2023, when it successfully exploited a flaw in a software vendor's product to extort victims, the Cl0p gang makes a habit of carrying out mass exploitation campaigns against multiple downstream organisations via widely used software packages. The mass targeting of Oracle EBS now being observed fits this established modus operandi.

Historically, Cl0p activity occurs in short, loud bursts separated by long periods of downtime, due to the administrative burden that mass attacks create. Max Henderson, managing director of cyber and data resilience at Kroll, was among those who had warned for several weeks that the gang had probably resurfaced. He told Computer Weekly that others may follow, and described “gloomy” impacts.

“There must be an urgent push for victims and Oracle users to patch this, since ongoing attacks or attacks from other groups may continue. We expect a long tail of self-identifying victims in this situation, since many victims are unaware of extortion emails in their folders,” said Henderson.
