H-ISAC TLP White Vulnerability Bulletin: Oracle E-Business Suite Vulnerability (CVE-2025-61882) Exploited in Extortion Attacks

On October 4, 2025, Oracle released an advisory to address a critical vulnerability, CVE-2025-61882, affecting E-Business Suite (EBS) systems, versions 12.2.3 through 12.2.14.

This flaw allows unauthenticated remote code execution (RCE) and has been confirmed to be actively exploited in the wild by the Cl0p ransomware group to steal sensitive data and conduct subsequent extortion campaigns against multiple corporations. Immediate patching is recommended to prevent compromise of critical business and sensitive data.

Health-ISAC provides this information to increase situational awareness and encourage organizations to assess their level of risk to this vulnerability.

View the detailed bulletin below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services
Standards/Guidelines
Become an AHA Preferred Cybersecurity and Risk Provider
Public
Issue Landing Page
AHA Preferred Cybersecurity & Risk Provider Program