CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Overview
CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Oracle Identity Manager
- Timeline: Newly disclosed
Original Article Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated
Impact
Oracle Identity Manager
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Not specified
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Zero-day, Vulnerability, and 2 more.