
Oracle Says Known Vulnerabilities Possibly Exploited in Recent Extortion Attacks

Oracle has confirmed that some of its customers have received extortion emails, and the software giant’s investigation indicates that the attackers may have exploited known vulnerabilities.

Google Threat Intelligence Group (GTIG) and Mandiant revealed this week that executives at many organizations using Oracle’s E-Business Suite (EBS) enterprise resource planning product have received emails claiming the theft of sensitive information.

GTIG and Mandiant researchers have yet to confirm the hackers’ claims, but pointed out that the extortion emails claim to come from members of the notorious Cl0p cybercrime group, and that the messages were sent from compromised accounts previously linked to another cybercrime gang tracked as FIN11.

Contacted by information.killnetswitch, Oracle representatives pointed to a blog post published on Thursday by Rob Duhart, the software giant’s chief security officer.

Duhart said the company is aware that some E-Business Suite customers have received extortion emails.

“Our ongoing investigation has discovered the potential use of previously identified vulnerabilities which can be addressed in the July 2025 Critical Patch Update,” Duhart explained, without naming the potentially exploited flaws.


Oracle fixed roughly 200 vulnerabilities with its July 2025 CPU. Nine patches were released for E-Business Suite, including three for flaws that can be exploited remotely without authentication. These three vulnerabilities, all rated ‘medium severity’, are tracked as CVE-2025-30746, CVE-2025-30745 and CVE-2025-50107. Oracle’s advisory indicates that user interaction is required for their exploitation.

Three vulnerabilities fixed in July in E-Business Suite were assigned a ‘high severity’ rating: CVE-2025-30743, CVE-2025-30744, and CVE-2025-50105. While they don’t allow remote exploitation without authentication, their exploitation doesn’t require user interaction.

If the involvement of Cl0p and/or FIN11 is confirmed, it shouldn’t come as a surprise. Both groups, which are linked, are known to launch campaigns that involve the exploitation of vulnerabilities in software that is used by many organizations to handle sensitive data.

Cl0p was behind campaigns targeting Cleo, MOVEit, and Fortra file transfer products. The FIN11 group was behind a campaign that targeted an Accellion file transfer service. All of these campaigns involved the exploitation of zero-day flaws.


Earlier this year, Oracle confirmed that hackers managed to steal data from a legacy cloud environment.
