CL0P Exploits Oracle E-Business Suite Zero-Day: What You Need to Know
- MUHAMMAD ADIB
- Oct 14
Hey everyone, cybersecurity enthusiasts and tech defenders! A new campaign is making headlines, and this time, Oracle E-Business Suite (EBS) is the main target. The CL0P ransomware group has been exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle EBS to steal data and launch extortion attacks against global organizations.

What Happened
The campaign started in mid-2025, when attackers began using multiple flaws in Oracle EBS to gain access to sensitive business systems. Researchers from Google TAG and Mandiant discovered that CL0P used a Java and XSL exploit chain to execute malicious code and exfiltrate data. Even Harvard University appeared on CL0P’s leak site following this attack.
The Impact
Oracle EBS is widely used for financial and administrative operations, making it a high-value target. Once compromised, attackers can steal business data, disrupt workflows, and hide their activity deep within enterprise systems. The scale of this attack shows how quickly zero-day vulnerabilities can be turned into real-world threats.
Who’s Behind It
The activity points to CL0P-linked cybercriminals, known for previous large-scale data theft and extortion campaigns. Their goal remains clear: financial gain through stealing and leaking sensitive corporate information.
Who’s at Risk
Any organization running Oracle E-Business Suite, especially one that is not fully patched or whose EBS instance is directly accessible from the internet, should consider itself at risk. The zero-day remained undiscovered for months, which increased the potential exposure.
How to Stay Protected
✔ Apply Oracle’s October 2025 security update immediately.
✔ Review EBS logs and configurations for suspicious templates or unauthorized access.
✔ Monitor outbound traffic from EBS servers to detect data exfiltration.
✔ Educate staff on phishing and extortion attempts referencing CL0P or “pubstorm.”
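To make the outbound-traffic check concrete, here is an added example (not part of the original post) that flags connections from EBS servers to destinations outside an egress allowlist. The flow-record format, IP addresses, allowlist and volume threshold are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic):
# "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2025-10-14T01:00:02Z 10.20.0.15 10.20.1.10 1521 48211
2025-10-14T01:00:05Z 10.20.0.15 10.20.2.25 25 1930
2025-10-14T01:03:41Z 10.20.0.15 203.0.113.77 443 7340032
2025-10-14T01:04:10Z 10.20.0.15 203.0.113.77 443 9437184
2025-10-14T01:05:00Z 10.20.0.99 198.51.100.8 443 2048
2025-10-14T01:06:12Z 10.20.0.15 198.51.100.8 80 512
"""

EBS_SERVERS = {"10.20.0.15"}  # assumed EBS application-tier hosts
# Assumed legitimate destinations: database tier and mail relay
ALLOWED_DESTS = [ipaddress.ip_network(n) for n in ("10.20.1.0/24", "10.20.2.25/32")]
BYTES_ALERT = 5 * 1024 * 1024  # assumed per-destination volume threshold (5 MiB)


def is_allowed(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in ALLOWED_DESTS)


def find_suspicious_egress(flow_text):
    """Summarise EBS-originated traffic to destinations outside the allowlist."""
    totals = defaultdict(lambda: {"bytes": 0, "flows": 0, "ports": set()})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the whole run
        _ts, src, dst, port, nbytes = parts
        if src not in EBS_SERVERS or is_allowed(dst):
            continue  # only EBS hosts talking to non-allowlisted destinations
        entry = totals[(src, dst)]
        entry["bytes"] += int(nbytes)
        entry["flows"] += 1
        entry["ports"].add(int(port))
    findings = []
    for (src, dst), e in sorted(totals.items()):
        # Any non-allowlisted destination needs review; large volume is urgent
        severity = "high" if e["bytes"] >= BYTES_ALERT else "review"
        findings.append({"src": src, "dst": dst, "bytes": e["bytes"], "flows": e["flows"],
                         "ports": sorted(e["ports"]), "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_egress(SAMPLE_FLOWS):
        print(finding)
```

An EBS application server usually talks to a small, stable set of destinations, so even the low-volume "review" findings are worth a look.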
Learn More
For deeper insights and technical breakdowns, explore these trusted sources:
As always, proactive defence is your strongest tool. Keep systems updated, monitor your environment, and stay informed to stay ahead.



