A critical vulnerability in Oracle Identity Manager that allows remote code execution has been added to the CISA KEV list due to active exploitation. Organizations are urged to patch by December 12, 2025, to prevent potential breaches.
Key points
- The vulnerability, CVE-2025-61757, affects Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.
- It allows unauthenticated attackers to bypass security filters and execute remote code.
- Attackers can manipulate authentication flows, escalate privileges, and move laterally within systems.
- Honeypot data suggests that the vulnerability was exploited before a patch was released.
- Federal Civilian Executive Branch (FCEB) agencies must apply patches by December 12, 2025, to mitigate active threats.
Read More: https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html