Oct 10, 2025 17:25:00

Google Security Team Reports Massive Data Exfiltration from Oracle E-Business Suite Users

It has been revealed that a zero-day vulnerability exists in

Oracle E-Business Suite (EBS) , a business efficiency tool developed by Oracle, and that it has already been exploited by attackers. Google's threat intelligence team, the Google Threat Intelligence Group, has reported that 'attackers have been found to have stolen large amounts of data from companies.'

Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign | Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation/?hl=en

The attacks were carried out by threat actors associated with the data leak sites known as 'CL0P' and 'CL0P^_-LEAKS,' and have affected hundreds, if not thousands, of companies and organizations.

Below is an example of a threatening email sent by the attacker to the target after September 29, 2025. The attacker also presented a 'data list dating back to mid-August 2025' as evidence of the stolen data, and asked the victim to contact the specified email address if they agreed to the transaction.

Additionally, CL0P's website also contains messages demanding transactions from victim organizations. These messages do not specify the method of the transaction or the amount required to prevent the data leak. According to Google, not disclosing details of the transaction is a common tactic used by attackers, and details will be provided only after being contacted by a 'person authorized to negotiate.'

The attack exploited a zero-day vulnerability in EBS, CVE-2025-61882 , and began around July 2025. Google is urging organizations using EBS to immediately apply the emergency patch released on October 4, 2025.

More details about the emergency patch can be found at the link below.

Oracle Security Alerts CVE-2025-61882
https://www.oracle.com/security-alerts/alert-cve-2025-61882.html