Type
Campaign
Actors
Cl0p
Pub. date
October 2, 2025
Initial access
0-day vulnerability1-day vulnerability
Impact
RansomOp
Observed techniques
Vulnerability exploitation
Observed tools
Cl0p ransomware
Targeted technologies
Oracle E-Business Suite
References
https://www.oracle.com/security-alerts/cpujul2025.html#AppendixEBShttps://techcrunch.com/2025/10/02/hackers-are-sending-extortion-emails-to-executives-after-claiming-oracle-apps-data-breach
Status
Finalized
Last edited
Oct 9, 2025 9:50 AM
In an October 1st Bloomberg article, Halcyon, a cybersecurity company responding to a related incident, has stated that the attackers gained access to the data by compromising user emails and abusing the default password-reset function. On October 2nd, Oracle posted a statement on their blog, saying that they are aware of the extortion emails and said that they found the potential use of vulnerabilities patched in their July 2025 Critical Patch Update. This update patched nine vulnerabilities affecting supported versions 12.2.3 - 12.2.13.
On October 5th, Oracle disclosed CVE-2025-61882 affecting E-Business Suite, exploited in-the-wild as a 0-day vulnerability.