A critical vulnerability in Oracle Identity Manager, tracked as CVE-2025-61757, is actively being exploited in the wild, posing significant risks to organizations using the affected software. The flaw, which has been assigned a CVSS score of 9.8, allows unauthenticated attackers with network access via HTTP to execute remote code on vulnerable systems. This vulnerability affects Oracle Fusion Middleware's Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, specifically within the REST WebServices component.
The vulnerability, categorized under CWE-306, is a pre-authentication remote code execution (RCE) flaw that can be easily exploited by attackers. It was publicly disclosed on October 21, 2025, and has since been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on November 21, 2025, underscoring its critical nature and the urgency for remediation.
Proof-of-concept (PoC) exploits for CVE-2025-61757 are already available, with at least two known PoCs circulating, which further increases the risk of exploitation. The Exploit Prediction Scoring System (EPSS) has rated this vulnerability at 0.878, indicating a high likelihood of exploitation. Moreover, the vulnerability was exploited in the wild within just over 30 days of its disclosure, highlighting the rapid pace at which threat actors are leveraging this flaw.
Organizations using Oracle Identity Manager are advised to act immediately to mitigate the risk. The Security Status Vulnerability Classification (SSVC) recommends immediate action, reflecting the critical nature of the threat. Oracle has likely issued patches or workarounds, and it is imperative for system administrators to apply these updates without delay to protect their systems from potential compromise.
Given the severity and active exploitation of this vulnerability, organizations should prioritize patching and consider additional security measures such as network segmentation and enhanced monitoring of HTTP traffic to detect any anomalous activities. Ensuring that systems are updated and security controls are in place can help mitigate the risks associated with this critical vulnerability.
CSURFACE