Unauthorized Access in Oracle Fusion Middleware's Identity Manager
CVE-2025-61757

9.8 CRITICAL

Key Information:

Vendor: Oracle
CVE Published: 21 October 2025

What is CVE-2025-61757?

This vulnerability in Oracle Fusion Middleware's Identity Manager could allow an unauthenticated attacker with network access via HTTP to compromise the system. An attacker who exploits the flaw may take control of Identity Manager, putting the confidentiality, integrity, and availability of the sensitive data the application manages at serious risk.

Affected Version(s)

Identity Manager 12.2.1.4.0

Identity Manager 14.1.2.1.0

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
