Excerpt from Z2Data Article, Published on November 25, 2025
A major data breach has raised concerns across global businesses. The attack targeted Oracle E – Business Suite through a zero – day flaw. As a result, attackers gained access to systems used by many large companies. The incident shows how fast a single security gap can expose critical business data.
According to the Z2Data report, the hack took place between November 20 and 21. During this short window, the Cl0p ransomware group breached 29 organizations. The attack was possible due to two high – risk vulnerabilities in Oracle E – Business Suite. These flaws exist in versions 12.2.3 through 12.2.14. They allow remote access without any login. Because of this, attackers could steal data with ease and move across systems without warning.
The first flaw, CVE – 2025 – 61882, affects the BI Publisher Integration. The second flaw, CVE – 2025 – 21884, impacts the runtime UI of the Oracle Configurator. Both weaknesses are serious. They allow full control of affected systems. Due to this, companies across manufacturing, retail, and other sectors are now assessing the damage.
Soon after the breach became public, Oracle urged its users to apply patches at once. The company released these fixes in early October. Still, many systems remained unpatched, which made the attack possible. This case highlights why regular updates and fast patching are essential for risk prevention.
Organizations using ERP, HR, finance, or supply – chain tools must take action now. First, they should apply all security updates. Next, they should review access logs for strange activity. They should also check data backups and strengthen network controls. These steps reduce the chance of another attack.
To delve deeper into this topic, visit Z2Data .
