Patch now! Attackers blackmail Oracle E-Business Suite customers
Administrators of the Oracle E-Business Suite software should secure their instances due to current attacks.
(Image: Foxeel,Shutterstock.com)
The software manufacturer Oracle warns of attacks on E-Business Suite (EBS). The unknown perpetrators will then attempt to blackmail Oracle customers. Admins should immediately install the security updates that have been available since July of this year.
Attacked and blackmailed
In a short article, Oracle points out the attacks. According to the software manufacturer, some EBS customers are currently receiving blackmail emails. As a rule, such attacks are carried out in such a way that attackers gain access to servers in various ways, copy data and threaten to publish it. This is accompanied by a ransom demand. Further details on this specific case and the extent of the attacks are currently not available. Oracle customers should contact support for further enquiries.
Oracle states that the attackers are probably targeting a vulnerability that was closed in July 2025 to gain access to systems. They do not specify which vulnerability this is. They have closed a total of nine vulnerabilities in EBS. Three of these vulnerabilities (CVE-2025-30745"medium", CVE-2025-30746"medium", CVE-2025-50107"medium") can be exploited remotely and without authentication.
Videos by heise
Prepare systems against attacks
In the course of the Critical Patch Update in July, the developers published a total of 309 security updates. Administrators of Oracle software, especially EBS, should ensure that their systems are up-to-date. Oracle always publishes security updates collectively and on a quarterly basis. However, there are also emergency updates out of sequence if circumstances require it.
(des)
