{"id":3134,"date":"2025-10-07T12:00:27","date_gmt":"2025-10-07T12:00:27","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/10\/07\/ncsc-patch-critical-oracle-ebs-bug-now\/"},"modified":"2025-10-07T12:00:27","modified_gmt":"2025-10-07T12:00:27","slug":"ncsc-patch-critical-oracle-ebs-bug-now","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/10\/07\/ncsc-patch-critical-oracle-ebs-bug-now\/","title":{"rendered":"NCSC: Patch Critical Oracle EBS Bug Now"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n
\n

Oracle E-Business Suite\u00a0(EBS) customers have been urged to patch a critical vulnerability in the product, after reports that the notorious Clop ransomware group has exploited the bug in attacks as a zero-day.<\/p>\n

The UK\u2019s National Cyber Security Centre (NCSC) pointed users to an emergency security update from the US software giant published over the weekend.<\/p>\n

It patches CVE-2025-61882, an unauthenticated remote code execution (RCE)\u00a0flaw impacting Oracle EBS versions 12.2.3-12.2.14.<\/p>\n

\u201cCVE-2025-61882 is a vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing within Oracle E-Business Suite,\u201d explained the NCSC.<\/p>\n

\u201cAn unauthenticated attacker can send specially crafted HTTP requests to the affected component resulting in full system compromise. No user interaction is required.\u201d<\/p>\n

Read more on Oracle vulnerabilities: Extortion Emails Sent to Executives by Self-Proclaimed Clop Gang Member<\/em><\/p>\n

Google\u2019s Mandiant group said\u00a0the Clop ransomware group exploited the vulnerability as a zero-day back in August, along with other software flaws patched in the July 2025 Critical Patch Update.<\/p>\n

Clop is notorious for zero-day exploits in popular software, enabling it to steal and hold to ransom sensitive corporate data. That\u2019s the same modus operandi that enabled it to run the massive MOVEit campaign, as well as similar attacks on Accellion\u00a0and\u00a0GoAnywhere customers.<\/p>\n

Scattered Lapsus$ Hunters Leak Exploit<\/h2>\n

The need to patch is made more urgent by the fact that the infamous Scattered Lapsus$ Hunters threat groups has leaked the exploit used by the Clop gang. That means more opportunistic threat actors will likely try to launch attacks on Oracle customers.<\/p>\n

\u201cGiven that exploitation in-the-wild may have occurred since August 2025, customers of affected Oracle E-Business Suite instances that are accessible via the internet, should conduct suitable threat hunting to detect any potential malicious activity,\u201d urged Rapid7.<\/p>\n

The UK\u2019s NCSC has the following advice:<\/p>\n