Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
07.10.2025
2997
Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle just dropped an emergency patch for CVE-2025-61882 after the notorious Cl0p ransomware gang weaponized this critical E-Business Suite vulnerability in active data theft attacks. This isn't a drill — they're already exploiting it in the wild.
The vulnerability affects Oracle E-Business Suite (EBS) — specifically the Oracle Web Applications Desktop Integrator component. Cl0p has been actively exploiting it to breach systems and exfiltrate sensitive corporate data before deploying ransomware payloads.
Oracle confirmed the attacks are happening right now and rushed out this out-of-band patch outside their normal quarterly Critical Patch Update cycle. If you're running EBS, patch immediately — Cl0p isn't waiting around.
- • CVE-2025-61882: Critical vulnerability in Oracle E-Business Suite
- • Exploited by: Cl0p ransomware group
- • Attack type: Data theft followed by ransomware deployment
- • Affected component: Oracle Web Applications Desktop Integrator
- • Patch status: Emergency out-of-band patch released
- • Threat level: ACTIVE EXPLOITATION IN THE WILD
This is classic Cl0p behavior — they're masters at finding and weaponizing critical vulnerabilities before patches are widely deployed. Their playbook: breach → exfiltrate data → deploy ransomware → extort victims with double pressure (encryption + data leak threats).
Oracle EBS users need to treat this as a fire drill. The patch is available now through Oracle's standard update channels. Don't wait for the next quarterly update — by then, Cl0p will have already hit dozens more organizations.
#hack#ransomware#data theft#security patches#CVE vulnerabilities
Got a topic? Write to ATLA WIRE on Telegram:t.me/atla_community
