Oracle released an emergency patch on October 11, 2025, to address a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), identified as CVE-2025-61884. The vulnerability resides in the Runtime UI component of Oracle Configurator and allows remote, unauthenticated attackers to access sensitive resources within affected EBS installations. The flaw impacts Oracle EBS versions 12.2.3 through 12.2.14, and Oracle has provided a fixed version to mitigate the risk. Security researchers have noted that, as of the time of the patch release, there is no public proof-of-concept exploit available for CVE-2025-61884, and Oracle has not reported any evidence of exploitation in the wild. Despite this, the context of recent extortion emails sent to Oracle EBS customers by the Cl0p ransomware group has heightened concern about potential targeting of this vulnerability. Arctic Wolf recommends that all organizations using affected versions of Oracle EBS apply the emergency patch as soon as possible and follow their internal patching and testing protocols to minimize operational disruption. The vulnerability’s nature as an information disclosure issue means that sensitive business data could be exposed if left unpatched, increasing the risk of data theft or further compromise. Oracle has not confirmed any direct link between CVE-2025-61884 and the Cl0p ransomware activity, but the timing of the patch and the extortion attempts has led to increased vigilance among security teams. The advisory stresses the importance of prompt remediation, given the historical interest of threat actors in Oracle EBS vulnerabilities. Organizations are urged to consult Oracle’s official advisory for detailed patching instructions and to review their exposure to the affected EBS versions. The emergency nature of the patch underscores the seriousness with which Oracle and the security community are treating this vulnerability. Security bulletins from multiple sources reiterate the need for immediate action to prevent potential exploitation. The lack of a public exploit does not preclude the possibility of targeted attacks, especially given the sophistication of groups like Cl0p. The incident highlights the ongoing risks associated with complex enterprise software suites and the need for rapid response to critical vulnerabilities. Security teams should monitor for any signs of attempted exploitation and ensure that all relevant systems are updated. The release of this patch is part of Oracle’s broader efforts to address emerging threats and protect its customers from evolving cyber risks. Organizations that delay patching may face increased scrutiny from regulators and partners, especially if a breach occurs as a result of this vulnerability. The situation remains dynamic, and further updates may be issued if exploitation is detected or additional technical details emerge.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
Oracle issued an emergency security update to address CVE-2025-61884, an information disclosure vulnerability affecting Oracle E-Business Suite. Multiple references describe the update as urgent or emergency guidance for customers to remediate the flaw.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
securityaffairs.com
Open sourcesocradar.io
Open sourcearcticwolf.com
Open sourcearcticwolf.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.