Urgent Alert: Oracle Identity Manager Vulnerability Exploited in Cyber Attacks, CISA Warns
Oracle Identity Manager Vulnerability CVE-2025-61757: A Critical Security Threat
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has warned government agencies to urgently patch a critical vulnerability in Oracle Identity Manager. Tracked as CVE-2025-61757, the flaw has been exploited in attacks, possibly as a zero-day before Oracle released a fix.
Discovered by Searchlight Cyber researchers Adam Kues and Shubham Shah, CVE-2025-61757 is a pre-authentication remote code execution (RCE) vulnerability in Oracle Identity Manager. The flaw originates from an authentication bypass in the application's REST APIs: the security filter exempts requests for API descriptor files, and a crafted path suffix (the ';.wadl' visible in the probed endpoints listed below) satisfies that exemption while the request is still routed to a protected endpoint.
With the filter bypassed, an attacker can reach an endpoint that compiles attacker-supplied Groovy script. Groovy's annotation processing lets code run at compile time, so the script never has to be executed for the attacker's code to run. Chaining the two issues gave the researchers pre-authentication remote code execution on unpatched Oracle Identity Manager instances.
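The filter-versus-router mismatch described above is a general bug class, and the following added example (constructed for this article, not Oracle's code or Searchlight Cyber's) shows how it arises and how it is closed. The allowlist regex, the toy set of protected resources and the router's treatment of ';' matrix parameters are assumptions modelled on the ';.wadl' suffix seen in the probed endpoints; the point is that the filter judges the raw path while the router judges a normalised one.

```python
import re

# Constructed illustration of the bug class, not Oracle's code: an
# authentication filter exempts "API descriptor" requests with a regex over
# the RAW request path, while the JAX-RS style router behind it strips
# ';...' matrix parameters from each segment before matching resources.
# The two components therefore see different paths for the same request.

# Assumption: the filter's exemption is "anything whose path ends in .wadl".
DESCRIPTOR_EXEMPT = re.compile(r"\.wadl$")

# Assumption: the only protected resources in this toy service are the two
# endpoints reported as probed.
PROTECTED_RESOURCES = {
    "/iam/governance/applicationmanagement/templates",
    "/iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus",
}


def router_view(raw_path: str) -> str:
    """Path as the router sees it: each segment loses its matrix parameters
    (everything from the first ';' onward), so 'x;.wadl' becomes 'x'."""
    return "/".join(seg.split(";", 1)[0] for seg in raw_path.split("/"))


def vulnerable_filter(raw_path: str, authenticated: bool) -> bool:
    """Exemption evaluated on the raw path: '.../groovyscriptstatus;.wadl'
    ends in .wadl, so it is waved through without credentials."""
    return bool(DESCRIPTOR_EXEMPT.search(raw_path)) or authenticated


def hardened_filter(raw_path: str, authenticated: bool) -> bool:
    """Exemption evaluated on the same normalised path the router will use.
    After normalisation the matrix parameter is gone, the path no longer
    looks like a descriptor, and authentication is required."""
    return bool(DESCRIPTOR_EXEMPT.search(router_view(raw_path))) or authenticated


def dispatch(raw_path: str, authenticated: bool, allow) -> str:
    """Status a request would get from the given filter followed by the router."""
    if not allow(raw_path, authenticated):
        return "401"
    resource = router_view(raw_path)
    if resource in PROTECTED_RESOURCES:
        return "200 " + resource.rsplit("/", 1)[1]  # protected handler reached
    if resource.endswith(".wadl"):
        return "200 descriptor"
    return "404"


if __name__ == "__main__":
    probe = "/iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl"
    print("router sees :", router_view(probe))
    print("vulnerable  :", dispatch(probe, False, vulnerable_filter))
    print("hardened    :", dispatch(probe, False, hardened_filter))
```

The fix is to make every component that authorises a request operate on the same canonical form the dispatching component uses; an exemption expressed as an exact allowlist of descriptor paths, rather than a suffix regex, closes the gap even more tightly.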
Oracle fixed CVE-2025-61757 in its October 2025 security updates, released on October 21. With the fix available, Searchlight Cyber has since published a detailed technical report describing the flaw and how it can be exploited.
Exploitation and Response
CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog and, under Binding Operational Directive (BOD) 22-01, requires Federal Civilian Executive Branch (FCEB) agencies to patch it by December 12. The directive is meant to reduce the risk that vulnerabilities known to be exploited pose to the federal enterprise.
CISA has not disclosed details of the attacks, but Johannes Ullrich of the SANS Technology Institute reported signs of possible zero-day exploitation as early as August 30, well before the October patch. Ullrich observed requests to two endpoints that match the exploit path later published by Searchlight Cyber:
/iam/governance/applicationmanagement/templates;.wadl
/iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl
The requests came from several IP addresses but all shared a single user agent string, one identifying Google Chrome 60 on Windows 10. That combination points to one actor or tool probing from multiple sources rather than unrelated scanning, and Chrome 60 dates from 2017, so the string was almost certainly set by a script rather than sent by a real browser.
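Defenders can look for the same pattern in their own web server logs. The following added example (not from the article or from SANS) flags requests carrying the ';.wadl' matrix-parameter suffix used by the reported probes, records which of the two reported endpoints each hit targeted, and clusters hits by User-Agent so that several source IPs sharing one string stand out. Matching the suffix rather than the two exact URLs is a deliberate generalisation: it catches the same trick aimed at other resources. The log lines, IP addresses and timestamps are constructed sample data in combined log format.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format); not real traffic.
# Three probes carry the ';.wadl' suffix and share one Chrome 60 user agent;
# the last two lines are ordinary traffic that must not be flagged.
SAMPLE_LOG = """\
203.0.113.10 - - [30/Aug/2025:02:14:07 +0000] "GET /iam/governance/applicationmanagement/templates;.wadl HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
198.51.100.7 - - [30/Aug/2025:02:14:09 +0000] "GET /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
192.0.2.55 - - [30/Aug/2025:02:15:30 +0000] "GET /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl HTTP/1.1" 401 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
10.0.0.8 - - [30/Aug/2025:09:01:02 +0000] "GET /identity/faces/signin HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"
10.0.0.9 - - [30/Aug/2025:09:02:11 +0000] "GET /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus HTTP/1.1" 401 0 "-" "curl/8.5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Bypass signature: a path segment carrying a matrix parameter that ends in
# '.wadl', e.g. 'groovyscriptstatus;.wadl'. Independent of the exact URL.
MATRIX_WADL = re.compile(r";[^/?]*\.wadl(?=$|[/?])")

# The two endpoints reported as probed; used only to label each hit.
REPORTED_PATHS = {
    "/iam/governance/applicationmanagement/templates",
    "/iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus",
}


def strip_matrix_params(path: str) -> str:
    """Resource the router would actually dispatch to (';...' removed per segment)."""
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def find_probes(log_text: str) -> list:
    """Return one dict per request whose path carries the ';.wadl' bypass suffix."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined-format line
        path = m.group("target").split("?", 1)[0]
        if not MATRIX_WADL.search(path):
            continue
        resource = strip_matrix_params(path)
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "resource": resource,
            "status": int(m.group("status")),
            "ua": m.group("ua"),
            "reported_endpoint": resource in REPORTED_PATHS,
        })
    return hits


def cluster_by_user_agent(hits: list) -> dict:
    """Map each User-Agent string to the set of source IPs that used it."""
    clusters = defaultdict(set)
    for h in hits:
        clusters[h["ua"]].add(h["ip"])
    return dict(clusters)


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["ip"], h["status"], h["resource"])
    for ua, ips in cluster_by_user_agent(found).items():
        print(f"{len(ips)} source IPs shared UA: {ua}")
```

The response status matters when triaging hits: a 200 to an unauthenticated '...groovyscriptstatus;.wadl' request means the protected handler answered and the host should be treated as unpatched and possibly compromised, whereas a 401 on the same probe is consistent with a patched filter that still saw the attempt.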
Oracle has yet to confirm any active exploits of the vulnerability. BleepingComputer reached out to Oracle for comment on this matter.