Harvard University Breached in Oracle Zero-Day Attack

Summary

Harvard confirmed it was hit by an attack that exploited a zero-day flaw in Oracle E-Business Suite (EBS) tracked as CVE-2025-61882. The Clop ransomware group has claimed responsibility and posted stolen university data on its leak site as part of a wider campaign targeting Oracle customers.

The university says the incident affected a small administrative unit, and that it has applied Oracle’s patch and continues to monitor its systems, with no evidence of broader compromise. Authorities including US and UK agencies have warned organisations to patch immediately; the FBI called for urgent action. Oracle has also issued an advisory for a second critical EBS flaw (CVE-2025-61884) and strongly recommends emergency updates.

Key Points

  • Clop ransomware group claims it stole Harvard data by exploiting a zero-day in Oracle EBS (CVE-2025-61882).
  • CVE-2025-61882 allows unauthenticated remote access to EBS instances; exploitation observed as early as Aug 9, 2025.
  • Harvard reports a limited impact to a small administrative unit, has applied the patch and is monitoring for further activity.
  • US and UK authorities have issued warnings; FBI emphasised urgency to patch.
  • Oracle released an additional EBS advisory for CVE-2025-61884 (affecting versions 12.2.3–12.2.14) and urges immediate mitigation.
  • Security firms link these incidents to a sustained Clop campaign that follows prior high-profile supply-chain and enterprise app attacks (e.g., MOVEit in 2023).

Context and relevance

This breach underlines a familiar trend: threat actors increasingly target widely used enterprise applications with zero-days to gain broad access quickly. Organisations running Oracle EBS are directly at risk; rapid patching and focused threat hunting on EBS environments are now critical. The incident also highlights Clop’s continued targeting of large organisations and the value of proactive vendor-agnostic detection.

Why should I read this?

Short answer: if your organisation uses Oracle E-Business Suite, this matters — big time. Patch immediately, check your EBS logs and backups, and assume motivated extortion groups are scanning for juicy targets. If you’re not on EBS, it’s still a neat reminder that widely deployed enterprise apps are a prime zero-day target these days.

Author note (style)

Punchy. This is high-impact, time-sensitive news. If you manage Oracle EBS, treat the details here as action items rather than background reading.

Source

https://www.darkreading.com/cyberattacks-data-breaches/harvard-breached-oracle-zero-day-attack