CVE-2025-61757 (GCVE-0-2025-61757)

Vulnerability from cvelistv5 – Published: 2025-10-21 20:03 – Updated: 2026-02-26 16:57
Summary
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager.
  • CWE-306 - Missing Authentication for Critical Function
Assigner
Impacted products
Vendor Product Version
Oracle Corporation Identity Manager Affected: 12.2.1.4.0 (semver)
Affected: 14.1.2.1.0 (semver)
Create a notification for this product.
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2025-61757

Status: Confirmed

Status Updated: 2025-11-21 00:00 UTC

Exploited: Yes


Timestamps
First Seen: 2025-11-21
Asserted: 2025-11-21

Scope
Notes: KEV entry: Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | Affected: Oracle / Fusion Middleware | Description: Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev


Details
Cwes CWE-306
Feed CISA Known Exploited Vulnerabilities Catalog
Product Fusion Middleware
Due Date 2025-12-12
Date Added 2025-11-21
Vendorproject Oracle
Vulnerabilityname Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Knownransomwarecampaignuse Unknown

References

Created: 2026-02-02 12:25 UTC | Updated: 2026-02-06 07:17 UTC
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2025-61757

Status: Confirmed

Status Updated: 2025-12-03 16:55 UTC

Exploited: Yes


Characteristics
Severity: 98.0

Timestamps
First Seen: 2025-12-03
Asserted: 2025-12-03
Last Seen: 2025-12-03

Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Oracle / Oracle Fusion Middleware (Identity Manager) | Class: other-software | Severity: Critical (CVSS 9.8) | IoT: no | In CISA KEV: yes | Honeypot connections on 2025-12-03: 2

Evidence

Type: Honeypot

Signal: In The Wild Attempts

Confidence: 70%

Source: shadowserver


Details
1D 1
Iot no
Feed Shadowserver Foundation honeypot/exploited-vulnerabilities
Type http-scan
Class other-software
7D Avg 0
Vendor Oracle
30D Avg 0
90D Avg 0
Product Oracle Fusion Middleware (Identity Manager)
Cisa Kev yes
Connections 2
Observation Date 2025-12-03
Vulnerability Class CVSS
Vulnerability Score 9.8
Vulnerability Severity Critical

References

Created: 2026-06-30 10:22 UTC | Updated: 2026-06-30 10:22 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant

Vulnerability ID: CVE-2025-61757

Status: Confirmed

Status Updated: 2026-06-01 10:44 UTC

Exploited: Yes


Timestamps
First Seen: 2026-06-01
Asserted: 2026-06-01

Scope
Notes: KEVIntel entry: Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are... | Affected: Oracle Corporation / Identity Manager | CVSS: 9.8 (CRITICAL) | EPSS: 0.88312 | Used in malware: unknown | Not yet in CISA KEV: False

Evidence

Type: Public Report

Signal: Successful Exploitation

Confidence: 70%

Source: kevintel


Details
Feed KEVIntel (kevintel.com)
Title Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are...
Vendor Oracle Corporation
Product Identity Manager
Added Date 2026-06-01T10:44:54.382Z
Cvss Score 9.8
Epss Score 0.88312
Cvss Severity CRITICAL
Epss Percentile 0.99749
Used In Malware unknown
Ahead Of Cisa Kev
{
  "count": 1,
  "unit": "day"
}
Not Yet In Cisa Kev False

References

Created: 2026-06-23 14:03 UTC | Updated: 2026-06-23 14:03 UTC
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61757",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-22T04:55:16.202232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-11-21",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:57:18.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "media-coverage"
            ],
            "url": "https://isc.sans.edu/diary/rss/32506"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-11-21T00:00:00.000Z",
            "value": "CVE-2025-61757 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Identity Manager",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.2.1.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "14.1.2.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:11.303Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-61757",
    "datePublished": "2025-10-21T20:03:11.303Z",
    "dateReserved": "2025-09-30T19:21:55.556Z",
    "dateUpdated": "2026-02-26T16:57:18.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2025-61757",
      "cwes": "[\"CWE-306\"]",
      "dateAdded": "2025-11-21",
      "dueDate": "2025-12-12",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757",
      "product": "Fusion Middleware",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.",
      "vendorProject": "Oracle",
      "vulnerabilityName": "Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability"
    },
    "epss": {
      "cve": "CVE-2025-61757",
      "date": "2026-07-05",
      "epss": "0.88312",
      "percentile": "0.99751"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-61757\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2025-10-21T20:20:52.117\",\"lastModified\":\"2026-06-17T09:50:50.953\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"}],\"affected\":[{\"source\":\"secalert_us@oracle.com\",\"affectedData\":[{\"vendor\":\"Oracle Corporation\",\"product\":\"Identity Manager\",\"versions\":[{\"version\":\"12.2.1.4.0\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"14.1.2.1.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-22T04:55:16.202232Z\",\"id\":\"CVE-2025-61757\",\"options\":[{\"exploitation\":\"active\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"cisaExploitAdd\":\"2025-11-21\",\"cisaActionDue\":\"2025-12-12\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability\",\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95593D6C-8396-4AF5-BA79-8DB8EDA9FC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA634664-8CC5-4017-A445-A23E205BEEC2\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2025.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://isc.sans.edu/diary/rss/32506\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61757\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-22T04:55:16.202232Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-11-21\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-11-21T00:00:00.000Z\", \"value\": \"CVE-2025-61757 added to CISA KEV\"}], \"references\": [{\"url\": \"https://isc.sans.edu/diary/rss/32506\", \"tags\": [\"media-coverage\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-22T14:33:16.205Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"Identity Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.2.1.4.0\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"14.1.2.1.0\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpuoct2025.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices).  Supported versions that are affected are 12.2.1.4.0 and  14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.  Successful attacks of this vulnerability can result in takeover of Identity Manager.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:*\", \"vulnerable\": true}, {\"criteria\": \"cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*\", \"vulnerable\": true}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2025-10-21T20:03:11.303Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-61757\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T16:57:18.999Z\", \"dateReserved\": \"2025-09-30T19:21:55.556Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2025-10-21T20:03:11.303Z\", \"assignerShortName\": \"oracle\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…