Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign
ID: accdec49-3dcb-5ffb-bd61-193042636297
STIX ID: report--accdec49-3dcb-5ffb-bd61-193042636297
Feed Name: Threat Intelligence
Technical analysis of active exploitation attempts against Oracle E-Business Suite (EBS) observed in July–August 2025. Investigators observed activity targeting /OA_HTML/configurator/UiServlet and /OA_HTML/SyncServlet that led to unauthenticated remote code execution via a chain of primitives (SSRF, CRLF, auth bypass, XSL injection). The report links observed IPs and leaked exploit artifacts to in-the-wild activity and documents sample payloads (e.g., a Bash reverse shell). It notes that Oracle patches released in July and October 2025 likely mitigate the known exploitation chains, while some exploitation attempts continued against unpatched systems.
