Oracle Rushes Out Another Emergency E Business Suite Patch As Clop Falloutwidens
Oracle is rushing out another emergency patch for its embattled E-Business Suite as the fallout from the Clop-linked attacks continues to spread.
The newly disclosed flaw, tracked as CVE-2025-61884 and slapped with a CVSS score of 7.5, affects the Runtime UI component in EBS, and Oracle’s advisory warns that the flaw can be exploited remotely without authentication and “may allow access to sensitive resources.”
In other words, it’s another wide-open door into one of Oracle’s most business-critical systems, and the kind of bug that cybercrims love to chain with others for data theft, extortion, or to delve deeper into enterprise networks.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” Oracle said. “Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible.”
Big Red hasn’t said whether the bug has been used in the wild or if it’s tied to the same campaign that’s already claimed victims from universities to major enterprises.
Oracle has yet to respond to The Register‘s questions.
The patch arrives a week after Oracle rushed out a fix for a nastier zero-day in the same suite, one that let attackers run code without logging in and has been tied to the ongoing Clop-linked hacking spree.
Google’s Threat Intelligence Group said at the time it was aware of “dozens” of confirmed victims but expected the real number to exceed a hundred. The campaign is believed to have started months before Oracle’s first fix, with attackers quietly probing EBS environments as early as July. Researchers warned that the crooks were likely chaining multiple bugs together, leaving even recently updated installations at risk if earlier fixes weren’t properly applied.
While Oracle hasn’t said whether this latest flaw is part of the same exploit chain, the timing raises eyebrows. The bug may have surfaced during Oracle’s own post-mortem into the Clop campaign, as engineers dug through compromised systems to see just how deep the damage went – and what else might still be lurking under the hood.
Adding to the excess, Harvard University has confirmed it’s investigating a cybersecurity incident apparently linked to the Oracle EBS breaches. The university said the intrusion affected “a limited number of parties associated with a small administrative unit,” adding that relevant Oracle patches have since been applied.
Whether this latest flaw represents a new front in the same campaign or simply the next in a series of overdue discoveries remains unanswered. What’s certain is that Oracle’s E-Business Suite has become the latest weekend wrecker for enterprise admins – and the party’s nowhere near over. ®
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
