Unauthorized Access in Oracle Fusion Middleware's Identity Manager
CVE-2025-61757

9.8 CRITICAL

Key Information:

Vendor: Oracle

CVE Published: 21 October 2025

Badges

📈 Trended | 📈 Score: 5,050 | 💰 Ransomware | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 79% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-61757?

CVE-2025-61757 is a critical vulnerability in Oracle Fusion Middleware's Identity Manager, specifically affecting its REST WebServices component. The vulnerability carries a CVSS score of 9.8, indicating severe implications for organizations that run this product. Identity Manager is a central tool for managing user identities and access, so its compromise can severely disrupt an organization's access control mechanisms. An unauthenticated attacker with network access via HTTP can exploit this vulnerability, potentially leading to a full takeover of the Identity Manager system, which would allow malicious actors to manipulate user identities and gain unauthorized access to sensitive information and resources.

Potential impact of CVE-2025-61757

  1. Unauthorized Access and Control: Exploitation of this vulnerability allows attackers to gain unauthorized control over the Identity Manager, which could enable them to alter user permissions, create malicious accounts, or lock legitimate users out, severely disrupting organizational operations.

  2. Data Integrity Compromise: An attacker with control over the Identity Manager can manipulate user identities and roles, which poses a significant threat to the integrity of data. Sensitive information can be exposed, modified, or deleted, leading to compliance issues and data breaches.

  3. Widespread Security Risks: Given that many organizations rely on Oracle Fusion Middleware for identity and access management, successful exploitation of this vulnerability can have a cascading effect, potentially impacting interconnected systems and user access across various platforms, leading to a systemic collapse of security measures within the impacted organization.

CISA has reported CVE-2025-61757

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-61757 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Identity Manager 12.2.1.4.0

Identity Manager 14.1.2.1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CVE-2025-61757: Oracle Identity Manager RCE

Summary of CVE-2025-61757 auth bypass in Oracle Identity Manager enabling unauthenticated RCE, with observed scanning, patch details, and detection tips.

2 weeks ago

Critical Oracle Identity Manager Flaw Under Attack

The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year and an extortion campaign against Oracle E-Business Suite customers.

3 weeks ago

References

EPSS Score

79% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 💰 Used in Ransomware
  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • 📰 First article discovered by SecurityWeek
  • 📈 Vulnerability started trending
  • Vulnerability published
  • Vulnerability Reserved
