On 2 October 2025, announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle¡¯s investigation revealed the potential use of vulnerabilities previously addressed in the .?
The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors:?
| Vulnerability?? | Affected Product? |
| CVE-2025-30743? | Oracle Lease and Finance Management? |
| CVE-2025-30744? | Oracle Mobile Field Service? |
| CVE-2025-50105? | Oracle Universal Work Queue? |
| CVE-2025-50071? | Oracle Applications Framework? |
| CVE-2025-30746? | Oracle iStore? |
| CVE-2025-30745? | Oracle iStore? |
| CVE-2025-50107? | Oracle Universal Work Queue? |
| CVE-2025-30739? | Oracle CRM Technical Foundation? |
| CVE-2025-50090? | Oracle Applications Framework? |
In the days prior to Oracle¡¯s announcement, Arctic Wolf observed multiple open-source reports of organisations receiving extortion emails from a threat actor claiming affiliation with the Cl0p ransomware group. These emails, sent from various compromised accounts, were often directed at organisational executives.?
Recommendation?
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version of your impacted EBS product.?
| Product? | Affected Version? | Fixed Version? |
| Oracle Lease and Finance Management? | 12.2.13? | ? |
| Oracle Mobile Field Service? | 12.2.3-12.2.13? | |
| Oracle Universal Work Queue? | 12.2.3-12.2.14? | |
| Oracle Applications Framework? | 12.2.3-12.2.14? | |
| Oracle iStore? | 12.2.3-12.2.14? | |
| Oracle iStore? | 12.2.12-12.2.13? | |
| Oracle Universal Work Queue? | 12.2.5-12.2.14? | |
| Oracle CRM Technical Foundation? | 12.2.11-12.2.13? | |
| Oracle Applications Framework? | 12.2.3-12.2.14? |
Note: Oracle E-Business Suite (EBS) relies on Oracle Database and Fusion Middleware, which are affected by other vulnerabilities in the July 2025 update. EBS exposure depends on the versions of these components, so Oracle recommends applying the July 2025 Critical Patch Update to both Database and Fusion Middleware. More information is available in .?
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.?
References?
Resources
Understand the threat landscape with our annual review highlighting cyber threats with the?2025 Security Operations Report.?
See how?Arctic Wolf utilises threat intelligence?to harden your attack surface and stop threats earlier and faster.
