Report Incident
× Home Cybertech Africa 2023 2 DPO Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Alert: Active Exploitation of Oracle E-Business Suite Vulnerability (CVE-2025-61882)

A critical vulnerability (CVE-2025-61882, CVSS 9.8) in Oracle E-Business Suite is being actively exploited worldwide by the Cl0p ransomware group. The flaw allows unauthenticated remote code execution, enabling attackers to compromise affected systems.
 
Affected Systems:
Oracle E-Business Suite versions 12.2.3 to 12.2.14.
 
Security Risks
Successful exploitation can let attackers take full control of the system, access sensitive information, disrupt operations, and compromise the security and reliability of affected systems.
 
Recommended Actions
The National Cyber Security Authority (NCSA) strongly recommends that system administrators to:
  • Follow Oracle Security Alerts CVE-2025-61882 to lower the risk of potential exploits, protect systems, and ensure their security.
  • Apply the required and latest security updates as soon as possible.
  • Before updating or patching, please ensure that you have the latest backup that can easily be restored.
 

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us at 9009.

 
References

08 October 2025

© 2025 National Cyber Security Authority