🔴 CVE-2025-61757

Critical pre-authentication remote code execution vulnerability in Oracle Identity Manager REST WebServices component. Allows complete system takeover via unauthenticated HTTP requests with CISA-confirmed active exploitation.

Risk Level: HIGH_RISK
CVSS Score: 9.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-10-21

Added to CISA KEV: 2025-11-21 (31 days between CVE publication and KEV listing)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2025-11-21)

CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability affecting Oracle Identity Manager (OIM) [2]. Here's what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects the Identity Manager product of Oracle Fusion Middleware [1]. It is a missing-authentication-for-critical-function weakness and is easily exploitable by anyone with network access via HTTP [3][1].
  • Evidence of active exploitation in the wild: CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities Catalog, confirming active exploitation [5][3].
  • Attack vectors and exploitation methods: The vulnerability is located in the REST WebServices component of Oracle Identity Manager [1][6]. It allows unauthenticated attackers with network access via HTTP to compromise Identity Manager [1]. Proof-of-concept code has been published for authentication bypass and remote code execution in OIM [7].
  • Whether it's been used in targeted attacks: While there is evidence of active exploitation, specific details about targeted attacks are limited [2]. One report suggests it may have been exploited as a zero-day [8].
  • CISA Known Exploited Vulnerabilities status: CVE-2025-61757 is listed in CISA's Known Exploited Vulnerabilities Catalog [5][3].
  • Technical details about internet exploitability: The vulnerability is easily exploitable, requires no privileges or user interaction, and can impact all aspects of security [4]. Successful exploitation can result in a takeover of the Identity Manager [1].

Sources

  1. CVE-2025-61757 - Vulnerability Details - OpenCVE

    Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. S…

  2. Critical Oracle Identity Manager Flaw Possibly Exploited as Zero ...

    The vulnerability, tracked as CVE-2025-61757, was disclosed on Thursday by Searchlight Cyber, whose researchers discovered the issue and reported it to Oracle. The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager.

  3. CVE-2025-61757 Impact, Exploitability, and Mitigation Steps | Wiz

    This indicates the vulnerability is easily exploitable, requires no privileges or user interaction, and can impact all aspects of security - confidentiality, ...

  4. Known Exploited Vulnerabilities Catalog

    CVE-2025-61757 ... Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability: Oracle Fusion Middleware contains a missing authentication ...

  5. CISA Adds One Known Exploited Vulnerability to Catalog

    This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding ...