Oracle has issued a security alert regarding a new vulnerability in its E-Business Suite (EBS) that could allow unauthorized remote access. This flaw, identified as CVE-2025-61884 with a CVSS score of 7.5, is considered high-severity and can be exploited without needing authentication. It affects Oracle Configurator, which is part of EBS versions 12.2.3 to 12.2.14, and could lead to unauthorized access to sensitive data. Although there have been no reports of this vulnerability being exploited in the wild, the Cl0p ransomware group has previously targeted Oracle systems, sending extortion emails from compromised accounts. Security experts warn that the release of a public proof-of-concept exploit heightens the risk of widespread attacks. The Cl0p group, known for exploiting zero-day vulnerabilities, has been linked to multiple malware payloads and has a history of targeting similar applications. Their tactics often involve minimizing their network footprint and delaying extortion notifications to maximize impact.
Is a new Oracle EBS vulnerability exposing companies to remote threats?
