Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Oracle E-Business Suite July 2025 remotely exploitable flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

Oracle E-Business Suite (EBS) vulnerabilities fixed in the July 2025 Critical Patch Update are now tied to an ongoing Clop extortion campaign, raising risk for customers exposed to the patched flaws. Oracle said its investigation found the potential use of previously identified vulnerabilities, and three of the issues — CVE-2025-30745, CVE-2025-30746, and CVE-2025-50107 — were remotely exploitable without credentials. Oracle is urging customers to apply the latest Critical Patch Updates while investigators continue to assess whether data was actually stolen.

Related Happenings

Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave

Exploitation Wave
First: 26.03.2026 18:00 Last: 26.03.2026 18:00 Sources 1

About this happening: **Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...

Open Happening

Madison Square Garden hit by network compromise linked to Cl0p

Incident
First: 02.03.2026 15:53 Last: 02.03.2026 15:53 Sources 1

About this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...

Open Happening

Cl0p Oracle EBS supply chain campaign impacting multiple organizations

Campaign
First: 08.12.2025 11:30 Last: 08.12.2025 11:30 Sources 1

About this happening: A **Cl0p**-linked **Oracle EBS supply chain campaign** is continuing, with **around 100 organizations** believed affected over **the past two months**. The growing disclosure list...

Open Happening

Oracle EBS zero-day exploitation wave (dozens of victims)

Exploitation Wave
First: 12.11.2025 17:30 Last: 12.11.2025 17:30 Sources 1

About this happening: A **multi-victim Oracle E-Business Suite (EBS) exploitation wave** is affecting **dozens of victims**, with the total possibly exceeding **100**. The activity is tied to **zero-da...

Open Happening

GlobalLogic Oracle EBS employee HR data leak

Data Leak
First: 11.11.2025 17:24 Last: 11.11.2025 17:24 Sources 1

About this happening: **GlobalLogic** disclosed that attackers stole **personal information** from **10,471 current and former employees** through its **Oracle E-Business Suite (EBS)** environment, cre...

Open Happening

Timeline

  1. 03.10.2025 15:14 2 articles · 7mo ago

    Oracle discloses Clop extortion emails tied to E-Business Suite flaws

    Initial Disclosure

    Oracle confirmed that some Oracle E-Business Suite customers received extortion emails from the Clop ransomware gang and said its investigation found potential use of vulnerabilities addressed in the July 2025 Critical Patch Update, including remotely exploitable CVE-2025-30745, CVE-2025-30746, and CVE-2025-50107. Oracle urged customers to update their software, apply the latest Critical Patch Updates, and contact Oracle support for assistance while investigators assessed the campaign.

    Show sources
    Open in new tab