What data was affected in the Broadcom breach?

Broadcom has not disclosed the number of affected individuals or specific types of exposed data. The company stated that only limited types of data processed in Oracle were potentially affected.

Advisory

Cl0p Ransomware gang claims breach of Broadcom through Oracle E-Business Suite vulnerabilities

Q: What happened to Broadcom's systems?

The Cl0p ransomware group claimed responsibility for breaching Broadcom's internal systems as part of a massive extortion campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite.

Q: What vulnerability was exploited in the Broadcom breach?

The attack exploited CVE-2025-61882, a critical vulnerability with a CVSS score of 9.8. This flaw allows attackers to execute arbitrary code without authentication through Oracle's Business Intelligence Publisher integration within the Concurrent Processing component.

Q: How did Broadcom respond to the security incident?

Broadcom confirmed it uses Oracle E-Business Suite for certain internal corporate financial operations. The company has forensically examined and patched its Oracle system to remediate the vulnerabilities. Broadcom claims operations are not affected and maintains full confidence in the integrity of its financial data.

Q: Is there risk to Broadcom customers and partners?

Broadcom claims that if any of the limited types of data processed in Oracle are leaked, it does not expect the information to pose significant risk to customers, vendors, partners, or employees.

published: Nov. 21, 2025

Learn More

The Cl0p ransomware group has claimed responsibility for breaching Broadcom's internal systems as part of a massive extortion campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite.

The attack exploited CVE-2025-61882 (CVSS score 9.8), which allows attackers to execute arbitrary code without authentication through Oracle's Business Intelligence Publisher integration within the Concurrent Processing component.

Broadcom was listed as one of the highest-profile victims in this exploitation campaign that has compromised organizations globally.

In response to the incident, a Broadcom spokesperson confirmed to Cybersecuritynews.com that the company uses Oracle E-Business Suite for certain internal corporate financial operations and has been targeted by cybercriminals exploiting these zero-day vulnerabilities.

The number of affected individuals or exposed data types is not disclosed.

Broadcom stated that it has forensically examined and patched its Oracle system to remediate the vulnerabilities, and claims that operations are not affected with full confidence in the integrity of financial data. The company claims that if any of the limited types of data processed in Oracle are leaked, it does not expect the information to pose significant risk to customers, vendors, partners, or employees.

Cl0p Ransomware gang claims breach of Broadcom through Oracle E-Business Suite vulnerabilities