Oracle Revises Statement After Clop Zero-Day Exploit

Oracle released emergency patches for a critical zero-day, CVE-2025-61882, in E-Business Suite (BI Publisher Integration/Oracle Concurrent Processing) that allows unauthenticated remote code execution in versions 12.2.3–12.2.14 and is rated CVSS 9.8. Investigators including Google/Mandiant say the flaw has been actively exploited by the Clop ransomware group since August 2025 to steal large volumes of corporate data and run an email-based extortion campaign that targeted corporate executives. Oracle initially pointed to previously patched July vulnerabilities but revised its statement after the new zero-day was linked to the attacks and published indicators of compromise and updated fixes. Security firms including Mandiant and watchTowr warn working exploit code has leaked, lowering the barrier to additional actors and raising the risk of mass exploitation and overlapping activity with groups such as Scattered Lapsus$ Hunters. Oracle is urging customers to apply the emergency updates immediately and to investigate whether they have already been compromised, noting thousands of organizations use E-Business Suite to store critical HR and customer data.