Oracle has fixed a zero-day vulnerability in one of its flagship business software products that a hacking group is currently abusing to steal personal information about corporate executives.
In a brief post updated over the weekend, Oracle chief security officer Rob Duhart said the tech giant released a new patch to fix a vulnerability in its Oracle E-Business suite, and urged customers to install the update as soon as possible.
The security advisory said the bug, tracked officially as CVE-2025-61882, can be “exploited over a network without the need for a username and password.” The advisory provided several so-called indicators of compromise to help Oracle customers identify evidence of hackers on their systems, suggesting that hackers are currently exploiting the vulnerability to steal customers’ sensitive data.
Oracle says thousands of organizations around the world use its E-Business Suite to run their companies, including storing their customer data and their employees’ human resources files.
The bug is known as a zero-day because Oracle, in this case, was given no time to patch the bug before it was maliciously exploited.
Duhart’s updated post is an about-face from earlier this week, when a previous version of his post said Oracle was aware that some executives “have received extortion emails” linked to previously identified vulnerabilities patched in July, suggesting the extortion campaign was over. The newly identified zero-day bug suggests the hackers continued to exploit flaws in Oracle’s E-Business software that were unknown to Oracle at the time.
News of the extortion attempts targeting corporate executives first emerged last week.
On October 2, Google security researchers said they found the prolific hacking group called Clop, which has been linked to numerous ransomware attacks and extortion attempts in recent years, was sending emails to Oracle executives around September 29 demanding money to not publish their personal information online.
Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, said in a post published Sunday on LinkedIn that the vulnerabilities in Oracle’s E-Business software were being used in a “mass exploitation” campaign for data theft and extortion.
Much of the exploitation happened during August, said Carmakal, after the July patches were released.
“Clop has been sending extortion emails to several victims since last Monday,” said Carmakal, but noted that the hackers haven’t reached out to all victims yet.
