# Oracle releases emergency patch for new E-Business Suite flaw

![](https://www.bleepstatic.com/content/hl-images/2025/10/13/Oracle.jpg)

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.

Tracked as , this information disclosure flaw in the Runtime UI component affects EBS versions 12.2.3 to 12.2.14 and could allow unauthenticated threat actors to steal sensitive data remotely following successful exploitation.

"This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. Oracle strongly recommends that customers apply the updates or mitigations provided by this Security Alert as soon as possible," .

"This vulnerability has received a CVSS Base Score of 7.5. If successfully exploited, this vulnerability may allow access to sensitive resources,  Rob Duhart, Oracle's Chief Security Officer.

Oracle released the CVE-2025-61884 patch almost two weeks after a Clop extortion campaign targeting , which the company later linked to  and then  now tracked as CVE-2025-61882.

Since then, cybersecurity firm CrowdStrike said they first spotted Clop exploiting CVE-2025-61882 as a zero-day  and warned that other threat groups may have also joined the attacks.

watchTowr Labs security researchers have also  that can allow unauthenticated attackers to gain remote code execution, as evidenced by a proof-of-concept (PoC) exploit (with a ) that was  by the Scattered Lapsus$ Hunters cybercrime gang.

The Clop extortion group was behind other  targeting zero-days in , , , and , with the latter impacting .

Oracle has not tagged the CVE-2025-61884 vulnerability patched over the weekend as exploited in the wild, and has yet to link it to CVE-2025-61882 attacks.

However, seeing that internet-facing Oracle EBS instances are actively targeted, defenders are strongly advised to apply the out-of-band CVE-2025-61884 patch as soon as possible.

Join the **Breach and Attack Simulation Summit** and experience the **future of security validation**. Hear from top experts and see how **AI-powered BAS** is transforming breach and attack simulation.

Don't miss the event that will shape the future of your security strategy

	  ****
