CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
Summary
CISA has flagged a critical vulnerability in Oracle Identity Manager, tracked as CVE-2025-61757, as actively exploited. The flaw is a case of missing authentication for a critical function and carries a CVSS score of 9.8.
Original Article Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated
Impact
Oracle Identity Manager
In the Wild
Yes
Timeline
Newly disclosed
Remediation
Not specified