CVE-2025-61757

CRITICALCISA KEV

9.8

Beschreibung

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht10/21/2025

Zuletzt geandert11/24/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerOracle

ProduktFusion Middleware

SchwachstellennameOracle Fusion Middleware Missing Authentication for Critical Function Vulnerability

KEV Aufnahmedatum2025-11-21

Behebungsfrist2025-12-12

Ransomware-NutzungUnknown

Betroffene Produkte

oracle:identity_manager

Schwachen (CWE)

CWE-306

Referenzen

https://www.oracle.com/security-alerts/cpuoct2025.html(secalert_us@oracle.com)

https://isc.sans.edu/diary/rss/32506(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.