CISA is warning government agencies to urgently patch an Oracle Identity Manager vulnerability (CVE-2025-61757) that has been exploited in the wild, possibly as a zero-day. The flaw is an authentication bypass in the product's REST APIs that leads to remote code execution, which is why prompt patching matters. #CISA #OracleVulnerability
Key points
- CVE-2025-61757 affects the REST APIs of Oracle Identity Manager.
- The flaw is a pre-authentication remote code execution vector: an unauthenticated attacker can reach protected functionality and run code of their choosing on the server.
- CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and mandated patches by December 12.
- Threat actors may have exploited the flaw as a zero-day as early as August 30, according to research reports.
- The root cause is an authentication bypass: appending a suffix such as ?WSDL or ;.wadl to a request path makes the security filter treat it as an allow-listed, unauthenticated service-description resource, even though the underlying REST request still reaches the protected endpoint.
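To make the last point concrete, here is an added illustration of the general pattern behind such a bypass, written for this page rather than taken from Oracle or from the researchers who reported the flaw. It models a security filter that allow-lists requests by how the raw request target ends (the flawed pattern) beside a hardened check that decides on the same normalised path the router dispatches on, and then runs both over a few constructed access-log lines to flag requests where the two decisions diverge. The public resource names, the modelled router behaviour (query string dropped, ';matrix' parameters stripped from each segment) and the log lines are all hypothetical.

```python
"""Added illustration, not Oracle's code: why matching an allow-list
against the raw request string is bypassable, and how deciding on the
same normalised path the router dispatches on closes the hole.

Everything below is hypothetical and modelled for illustration: the
public resource names, the router behaviour (query string dropped and
';matrix' parameters stripped from every path segment) and the log
lines are all constructed here.
"""
import re
from urllib.parse import urlsplit

# Hypothetical resources legitimately served without a session:
# (normalised path, upper-cased query string).
PUBLIC_RESOURCES = {
    ("/rest/application.wadl", ""),
    ("/ws/UserService", "WSDL"),
}

# Suffixes the flawed filter treats as "public description document".
UNAUTH_SUFFIXES = ("?WSDL", ".wadl")


def vulnerable_is_unauthenticated(raw_target: str) -> bool:
    """Flawed pattern: look only at how the raw request target ends.
    '/rest/admin/users;.wadl' and '/rest/admin/users?WSDL' both pass,
    although the router will hand them to the protected users resource."""
    return raw_target.upper().endswith(tuple(s.upper() for s in UNAUTH_SUFFIXES))


def route_path(raw_target: str) -> str:
    """Path the (modelled) REST router dispatches on: query string removed,
    ';...' matrix parameters stripped from each segment."""
    path = urlsplit(raw_target).path
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def hardened_is_unauthenticated(raw_target: str) -> bool:
    """Decide on the normalised (path, query) pair against an exact
    allow-list instead of a suffix match, so filter and router agree."""
    key = (route_path(raw_target), urlsplit(raw_target).query.upper())
    return key in PUBLIC_RESOURCES


def is_bypass_attempt(raw_target: str) -> bool:
    """A request the flawed filter waves through but the exact check rejects."""
    return vulnerable_is_unauthenticated(raw_target) and not hardened_is_unauthenticated(raw_target)


# Constructed access-log lines (common log format) for the detection pass.
SAMPLE_LOG = """\
203.0.113.9 - - [30/Aug/2025:02:14:07 +0000] "GET /rest/application.wadl HTTP/1.1" 200 4120
203.0.113.9 - - [30/Aug/2025:02:14:09 +0000] "POST /rest/admin/users;.wadl HTTP/1.1" 200 311
198.51.100.4 - - [30/Aug/2025:02:15:00 +0000] "GET /ws/UserService?WSDL HTTP/1.1" 200 9800
203.0.113.9 - - [30/Aug/2025:02:15:31 +0000] "GET /rest/admin/users?WSDL HTTP/1.1" 200 2750
10.0.0.7 - - [30/Aug/2025:02:16:02 +0000] "GET /rest/admin/users HTTP/1.1" 401 0
"""

_REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_bypass_attempts(log_text: str) -> list[tuple[str, str]]:
    """Return (client, target) for every log line whose target diverges
    between the suffix check and the exact check, i.e. looks like an
    attempt to smuggle a protected path past the filter."""
    hits = []
    for line in log_text.splitlines():
        m = _REQUEST_RE.search(line)
        if m and is_bypass_attempt(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits


if __name__ == "__main__":
    for client, target in find_bypass_attempts(SAMPLE_LOG):
        print(f"suspicious: {client} -> {target} (routes to {route_path(target)})")
```

The design point is that the filter and the router must parse the request the same way; any gap between "what the filter matched on" and "what the router dispatched on" is an authentication-bypass surface. The same divergence test, run over real access logs with the real public-resource list, is a reasonable first hunting query while patches are rolled out.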