← Back to CVEs
CVE-2025-61757
CRITICALCISA KEV9.8
Description
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/21/2025
Last Modified11/24/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorOracle
ProductFusion Middleware
Vulnerability NameOracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
KEV Date Added2025-11-21
Remediation Due Date2025-12-12
Ransomware UseUnknown
Affected Products
oracle:identity_manager
Weaknesses (CWE)
CWE-306
References
https://www.oracle.com/security-alerts/cpuoct2025.html(secalert_us@oracle.com)
https://isc.sans.edu/diary/rss/32506(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.