CVE-2025-61757
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability - [Actively Exploited]
Description
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
INFO
Published Date :
Oct. 21, 2025, 8:20 p.m.
Last Modified :
Nov. 24, 2025, 1:38 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
CISA KEV (Known Exploited Vulnerabilities)
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Apply the relevant Oracle Critical Patch Update advisory.
- Patch Identity Manager software to version 12.2.1.4.0 or later.
- Patch Identity Manager software to version 14.1.2.1.0 or later.
Public PoC/Exploit Available at Github
CVE-2025-61757 has a 6 public
PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-61757.
| URL | Resource |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2025.html | Vendor Advisory |
| https://isc.sans.edu/diary/rss/32506 | Third Party Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757 | US Government Resource |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-61757 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-61757
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Oracle Identity Manager 远程代码执行漏洞CVE-2025-61757
Python
CVE-2025-61757
Python
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild and CryptoGen Nepal aims to simplify this for the general public in a more understandable way as well as in a format that can be easily integrated into their threat intelligence systems.
cve json rss cgn cisa kev
Python HTML
None
Python
None
Python Java Go Shell
爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)
Python HTML
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-61757 vulnerability anywhere in the article.
-
The Register
Clop's Oracle EBS rampage reaches Dartmouth College
Dartmouth College has confirmed it's the latest victim of Clop's Oracle E-Business Suite (EBS) smash-and-grab. According to a breach notification filed with Maine's attorney general, the New Hampshire ... Read more
-
The Cyber Express
CISA Adds Oracle Identity Manager Vulnerability to KEV Database
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an Oracle Identity Manager vulnerability to its Known Exploited Vulnerabilities database after the SANS Internet Storm Center ... Read more
-
The Register
CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been ... Read more
-
CybersecurityNews
CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. ... Read more
-
TheCyberThrone
Critical Oracle Identity Manager Vulnerability Added to CISA KEV Catalog
November 22, 2025CISA officially added a critical vulnerability, CVE-2025-61757, to its Known Exploited Vulnerabilities (KEV) catalog, underscoring the urgent need for organizations using Oracle Ident ... Read more
-
security.nl
VS meldt actief misbruik van kritiek RCE-lek in Oracle Identity Manager
Aanvallers maken actief misbruik van een kritieke kwetsbaarheid in Oracle Identity Manager, zo laat het Amerikaanse cyberagentschap CISA weten. Gisteren verscheen er berichtgeving dat het beveiligings ... Read more
-
The Hacker News
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Nov 22, 2025Ravie LakshmananZero-Day / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager t ... Read more
-
BleepingComputer
CISA warns Oracle Identity Manager RCE flaw is being actively exploited
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentia ... Read more
-
security.nl
Kritiek RCE-lek in Oracle Identity Manager mogelijk misbruikt bij aanvallen
Een kritieke kwetsbaarheid in Oracle Identity Manager is mogelijk weken voor het uitkomen van een beveiligingsupdate misbruikt door aanvallers, zo meldt het Internet Storm Center (ISC). Op 21 oktober ... Read more
-
The Hacker News
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
Nov 20, 2025Ravie LakshmananCybersecurity / Hacking News This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, a ... Read more
The following table lists the changes that have been made to the
CVE-2025-61757 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Modified Analysis by [email protected]
Nov. 24, 2025
Action Type Old Value New Value Added Reference Type CISA-ADP: https://isc.sans.edu/diary/rss/32506 Types: Third Party Advisory Added Reference Type CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757 Types: US Government Resource -
CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725
Nov. 22, 2025
Action Type Old Value New Value Added Date Added 2025-11-21 Added Due Date 2025-12-12 Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Added Vulnerability Name Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 21, 2025
Action Type Old Value New Value Added Reference https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757 -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Nov. 20, 2025
Action Type Old Value New Value Added Reference https://isc.sans.edu/diary/rss/32506 -
Initial Analysis by [email protected]
Oct. 24, 2025
Action Type Old Value New Value Added CPE Configuration OR *cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:* Added Reference Type Oracle: https://www.oracle.com/security-alerts/cpuoct2025.html Types: Vendor Advisory -
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Oct. 22, 2025
Action Type Old Value New Value Added CWE CWE-306 -
New CVE Received by [email protected]
Oct. 21, 2025
Action Type Old Value New Value Added Description Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added Reference https://www.oracle.com/security-alerts/cpuoct2025.html