Detections
Analytics

CVE-2025-61757

critical

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

References

https://www.oracle.com/security-alerts/cpuoct2025.html

https://isc.sans.edu/diary/rss/32506

https://www.theregister.com/2025/11/24/cisa_oracle_identity_manager/

https://www.securityweek.com/cisa-confirms-exploitation-of-recent-oracle-identity-manager-vulnerability/

https://www.infosecurity-magazine.com/news/cisa-kev-oracle-identity-manager/

https://www.hipaajournal.com/critical-flaw-oracle-identity-manager-nov-2025/

https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html

https://securityaffairs.com/184935/security/u-s-cisa-adds-an-oracle-fusion-middleware-flaw-to-its-known-exploited-vulnerabilities-catalog.html

https://www.bleepingcomputer.com/news/security/cisa-warns-oracle-identity-manager-rce-flaw-is-being-actively-exploited/

https://www.securityweek.com/critical-oracle-identity-manager-flaw-possibly-exploited-as-zero-day/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757

Details

Source: Mitre, NVD

Published: 2025-10-21

Updated: 2025-11-24

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.60955

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest