Oracle EBS Attack Victims May Be More Numerous Than Expected

Summary

A critical zero-day in Oracle E-Business Suite (CVE-2025-61882) affecting Concurrent Processing has been actively exploited in the wild. The vulnerability allows unauthenticated remote access and potential remote code execution, enabling follow-on activities such as data theft and extortion. The ransomware-as-a-service group Clop has targeted Oracle EBS customers using this flaw; evidence from Clop’s leak site and security researchers suggests high-profile organisations — including Schneider Electric, Pan American Silver and Cox Enterprises — may be affected, while Harvard University and several others have already confirmed breaches.

Oracle has released patches and strongly advised customers to apply updates immediately. Google Threat Intelligence Group has flagged possible involvement from financially motivated actors like FIN11, though attribution remains tentative. The FBI has warned that internet-reachable EBS instances are at immediate risk and described the vulnerability as a “stop-what-you’re-doing and patch immediately” issue.

Key Points

  • CVE-2025-61882 is a critical zero-day in Oracle E-Business Suite (Concurrent Processing) that enables unauthenticated remote compromise.
  • Clop ransomware actors have been exploiting the vulnerability and posting stolen data on their leak site.
  • Reported or suspected victims include Harvard University, Schneider Electric, Pan American Silver and Cox Enterprises; exact scope remains uncertain.
  • Oracle has published security updates — organisations using EBS should apply patches without delay.
  • Google TAG noted possible FIN11 involvement; attribution is not yet confirmed.
  • The FBI warned that internet-facing EBS systems are at high risk of full compromise if unpatched.

Why should I read this?

Short version: if you run Oracle E-Business Suite, this is urgent — patch now. Seriously, don’t skim past this one. If you’re responsible for apps, infra or risk, this article tells you who’s being named, why attackers are exploiting the flaw, and that the bad actors are already leaking data. If Oracle EBS isn’t in your estate, it’s still worth a quick check-in with teams who manage ERP and legacy systems — the fallout could ripple through partners and suppliers.

Source

Source: https://www.darkreading.com/vulnerabilities-threats/oracle-ebs-attack-victims-more-numerous-expected