
Cybersecurity Threat Advisory

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. Read this Cybersecurity Threat Advisory to learn about the current risk and apply the relevant patches now.

What is the threat?

The vulnerability, CVE-2025-61757 (CVSS 9.8), is an authentication bypass in Oracle Identity Manager that leads to remote code execution without any credentials. It affects Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.

An attacker who can reach the Identity Manager web interface can call API endpoints that should require a session, manipulate authentication flows, execute arbitrary code on the server, escalate privileges, and use the compromised identity system to move laterally across an organization's core systems. Because Identity Manager administers accounts and entitlements for other systems, a full compromise of it puts every system it provisions at risk.

Why is it noteworthy?

The authentication bypass comes from a flaw in a security filter: the filter treats requests whose URL ends in "?WSDL" or ";.wadl" as exempt from authentication, so appending either suffix to the URL of a protected endpoint makes that endpoint reachable without credentials. Several IP addresses have been observed scanning for the flaw, all using the same user agent, which suggests a single actor is behind the activity.
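As an added illustration of the bug class just described (this is not Oracle's code and does not describe the real filter's internals), the following Python models an authentication filter that exempts requests by matching a suffix of the raw request URI while the container routes on the canonicalized path, and places a hardened filter beside it. The endpoint names, the allow-list pattern and the protected prefix are assumptions made for the example.

```python
"""Hypothetical model of a suffix-matching authentication filter bypass.
Not Oracle's code; endpoint names and the allow-list pattern are assumed."""
import re
from urllib.parse import urlsplit

# Assumed allow-list pattern: the filter's author wanted to let service
# descriptor requests through without a session. Matching it against the
# raw URI is the defect: any URI that merely ENDS in the marker qualifies.
UNAUTHENTICATED_RAW_URI = re.compile(r".*(\?WSDL|;\.wadl)$", re.IGNORECASE)

# Assumed set of endpoints whose descriptor is genuinely public.
PUBLIC_DESCRIPTOR_PATHS = {"/ws/ProvisioningService"}

# Assumed protected area of the application.
PROTECTED_PREFIXES = ("/api/",)


def canonical_path(request_uri: str) -> str:
    """Return the path the container actually routes on: the query string
    is dropped and ';' path parameters are stripped from every segment,
    so '/api/admin/users;.wadl' routes to '/api/admin/users'."""
    path = urlsplit(request_uri).path
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def vulnerable_filter(request_uri: str, authenticated: bool) -> bool:
    """Let the request through if the caller has a session OR the raw URI
    looks like a descriptor request. The second branch is the bypass."""
    if authenticated:
        return True
    return UNAUTHENTICATED_RAW_URI.match(request_uri) is not None


def hardened_filter(request_uri: str, authenticated: bool) -> bool:
    """Decide on the canonical path against an explicit allow-list. The
    suffix of the raw URI never influences the decision, so '?WSDL' or
    ';.wadl' appended to a protected path changes nothing."""
    if authenticated:
        return True
    return canonical_path(request_uri) in PUBLIC_DESCRIPTOR_PATHS


def dispatch(request_uri: str, authenticated: bool, auth_filter) -> str:
    """Run the filter, then route on the canonical path the way a servlet
    container would. Returns 'DENIED' or the resource that was served."""
    if not auth_filter(request_uri, authenticated):
        return "DENIED"
    return canonical_path(request_uri)


def exposed_protected_resources(auth_filter) -> list:
    """Replay unauthenticated probes through a filter and return the probe
    URIs that caused a protected resource to be served anonymously."""
    probes = [
        "/api/admin/users",              # plain request: denied by both filters
        "/api/admin/users?WSDL",         # suffix trick 1
        "/api/admin/users;.wadl",        # suffix trick 2
        "/ws/ProvisioningService?WSDL",  # legitimately public descriptor
    ]
    served = []
    for uri in probes:
        resource = dispatch(uri, False, auth_filter)
        if resource != "DENIED" and resource.startswith(PROTECTED_PREFIXES):
            served.append(uri)
    return served


if __name__ == "__main__":
    print("vulnerable:", exposed_protected_resources(vulnerable_filter))
    print("hardened:  ", exposed_protected_resources(hardened_filter))
```

The general lesson is the one the hardened filter encodes: an authorization decision must be made on the same normalized path the application routes on, against an explicit allow-list, never on a pattern over the raw URI that the routing layer will rewrite before serving the request.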

What is the exposure or risk?

According to SANS Institute, possible exploitation was recorded several times between August 30 and September 9, 2025, weeks before Oracle released a patch. Identity Manager is a component of Oracle Fusion Middleware, and the flaw is a missing-authentication weakness: an attacker who can reach the service over the network needs no credentials to take control of the Identity Manager instance. Because exploitation attempts predate the fix, applying the patch does not by itself clear an instance that was exposed during that window; such systems should also be reviewed for signs of compromise.

What are the recommendations?

Barracuda recommends the following actions to secure Oracle Identity Manager against CVE-2025-61757:

  • Apply the relevant Oracle patches immediately.
  • Isolate affected systems from the public internet; Identity Manager should only be reachable from trusted networks.
  • Stay on actively supported Oracle Identity Manager versions so that future security fixes remain available.
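Beyond the three actions above, a practitioner will want to know whether an instance was already probed. The following Python, added here as an example and not part of the advisory, scans web server access logs for the two suffixes the advisory names on paths that are not known descriptor endpoints, and groups the hits by user agent, the same heuristic used above to tie several scanning IPs to one actor. The log lines are constructed for the example, and the paths and the descriptor allow-list are assumptions.

```python
"""Added hunting example: find '?WSDL' / ';.wadl' suffix probes in an
access log and group them by user agent. Sample lines are constructed;
paths and the descriptor allow-list are assumptions, not Oracle defaults."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Combined Log Format (not real traffic).
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [31/Aug/2025:02:14:07 +0000] "GET /api/v1/users;.wadl HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (compatible; probe/1.0)"
198.51.100.7 - - [31/Aug/2025:02:15:41 +0000] "GET /api/v1/config?WSDL HTTP/1.1" 200 884 "-" "Mozilla/5.0 (compatible; probe/1.0)"
198.51.100.7 - - [31/Aug/2025:02:15:43 +0000] "POST /api/v1/users;.wadl HTTP/1.1" 403 212 "-" "Mozilla/5.0 (compatible; probe/1.0)"
10.0.0.5 - - [31/Aug/2025:02:20:00 +0000] "GET /ws/ProvisioningService?WSDL HTTP/1.1" 200 9210 "-" "Java/17.0.2"
192.0.2.33 - - [31/Aug/2025:02:21:19 +0000] "GET /api/v1/users HTTP/1.1" 401 0 "-" "curl/8.4.0"
203.0.113.10 - - [31/Aug/2025:02:22:02 +0000] "GET /login HTTP/1.1" 200 3320 "-" "Mozilla/5.0 (compatible; probe/1.0)"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The two suffixes named in the advisory, anchored at the end of the URI
# (';.wadl' may also be followed by a query string).
BYPASS_SUFFIX = re.compile(r"(\?WSDL$|;\.wadl(?:$|\?))", re.IGNORECASE)

# Assumed: endpoints whose WSDL is legitimately fetched without a session.
KNOWN_DESCRIPTOR_PATHS = {"/ws/ProvisioningService"}


def canonical_path(uri: str) -> str:
    """Strip the query string and ';' path parameters to recover the path
    the application actually routed on."""
    path = urlsplit(uri).path
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def is_bypass_probe(uri: str) -> bool:
    """True when a suffix trick is applied to something other than a
    known public descriptor endpoint."""
    if BYPASS_SUFFIX.search(uri) is None:
        return False
    return canonical_path(uri) not in KNOWN_DESCRIPTOR_PATHS


def hunt(log_text: str) -> dict:
    """Return, per user agent, the source IPs seen, the number of probes,
    and how many were answered with a 2xx (the filter let them through)."""
    by_agent = defaultdict(lambda: {"sources": set(), "probes": 0, "served": 0})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m is None or not is_bypass_probe(m["uri"]):
            continue
        rec = by_agent[m["ua"]]
        rec["sources"].add(m["ip"])
        rec["probes"] += 1
        if m["status"].startswith("2"):
            rec["served"] += 1
    return {
        ua: {"sources": sorted(r["sources"]), "probes": r["probes"], "served": r["served"]}
        for ua, r in by_agent.items()
    }


if __name__ == "__main__":
    for ua, rec in hunt(SAMPLE_ACCESS_LOG).items():
        print(f"{ua!r}: {rec['probes']} probes from {len(rec['sources'])} IPs, "
              f"{rec['served']} served")
```

A 2xx response to one of these probes against a protected path means the filter let an unauthenticated request through, so the host was vulnerable at that moment and should be treated as potentially compromised rather than merely scanned. Several source IPs sharing one unusual user agent is the pattern the advisory describes for the current scanning campaign.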

References

For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.


Posted by Zachary Beaudet

Zachary is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Zachary supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
