The U.S. CISA has listed an Oracle Identity Manager vulnerability (CVE-2025-61757) as actively exploited, with attackers leveraging it for remote code execution. Additionally, over 100 organizations have been affected by CL0P ransomware attacks targeting Oracle E-Business Suite, including Mazda and Cox Enterprises. #CISA #CVE202561757 #CL0P #OracleEBS #IdentityManager
Keypoints
- An Oracle Identity Manager vulnerability (CVE-2025-61757) has been added to CISAβs Known Exploited Vulnerabilities database due to active attacks.
- The flaw allows unauthenticated remote code execution via the REST WebServices component on specific Oracle Fusion Middleware versions.
- Researchers discovered that the vulnerability exploits a flaw in how Groovy scripts are compiled and executed, enabling an RCE attack.
- Over 100 organizations, including Mazda and Cox Enterprises, have been affected by CL0P ransomware attacks targeting Oracle E-Business Suite.
- Cox Enterprises experienced the exposure of personal data for more than 9,000 individuals, while Mazda contained the breach without data impact.
Read More: https://thecyberexpress.com/cisa-kev-oracle-identity-manager-vulnerability/