
Oracle Identity Manager actively exploited missing authentication RCE (CVE-2025-61757)

Vulnerability
First reported
Last updated
Happening score: 52
2 unique sources, 2 articles

Summary


CISA added CVE-2025-61757 to KEV after evidence of active exploitation, putting Oracle Identity Manager users at immediate risk of pre-authenticated remote code execution. The flaw affects 12.2.1.4.0 and 14.1.2.1.0 and can be reached by bypassing protected endpoint checks with ?WSDL or ;.wadl. Oracle had already addressed the issue in its quarterly updates, and FCEB agencies must patch by December 12, 2025.

Related Happenings

Oracle Identity Manager and Oracle Web Services Manager unauthenticated RCE (CVE-2026-21992)

Vulnerability
First: 20.03.2026 20:48 Last: 20.03.2026 20:48 Sources 1

About this happening: Oracle issued an **out-of-band update** to fix **CVE-2026-21992**, a **critical unauthenticated remote code execution** flaw in **Oracle Identity Manager** and **Oracle Web Servic...

CISA orders FCEB remediation deadlines for KEV vulnerabilities

Public Sector Action
First: 10.03.2026 08:17 Last: 10.03.2026 08:17 Sources 1

About this happening: CISA ordered **FCEB agencies** to patch **SolarWinds Web Help Desk** by **March 12, 2026** and to fix the other two KEV-listed flaws by **March 23, 2026**, tightening remediation...

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

IBM API Connect CVE-2025-13915 mitigation guidance

Advisory/Mitigation
First: 31.12.2025 12:34 Last: 31.12.2025 12:34 Sources 1

About this happening: **IBM** told customers to upgrade **IBM API Connect** to address **CVE-2025-13915**, a **critical authentication bypass** that can let **unauthenticated attackers** reach exposed...

Oracle Identity Governance Suite 12c urgent mitigation guidance

Advisory/Mitigation
First: 24.11.2025 13:07 Last: 24.11.2025 13:07 Sources 1

How related: CISA urged organizations running Oracle Identity Governance Suite 12c to apply the relevant patches immediately or isolate the affected services from the public internet.

About this happening: **CISA** issued **urgent mitigation guidance** for **Oracle Identity Governance Suite 12c** after the product was tied to an **actively exploited** security issue. Operators were...

Timeline

  1. 22.11.2025 08:45 · 2 articles

    CISA adds CVE-2025-61757 to the KEV catalog

    Legal Policy Action Update

    CISA added CVE-2025-61757, a critical missing-authentication flaw in Oracle Identity Manager with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw affects Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0, can enable pre-authenticated remote code execution through bypassed endpoint checks and crafted POST requests to the Groovy status API, and was already addressed by Oracle in quarterly updates released last month. In response to the active exploitation risk, Federal Civilian Executive Branch agencies must apply the necessary patches by December 12, 2025.

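As an added detection example (written for this page, not taken from CISA, Oracle or the cited articles), the following Python flags access-log requests that carry the `?WSDL` or `;.wadl` suffixes the summary describes and separates attempts the server rejected from ones it accepted. The endpoint paths and log lines are constructed placeholders, not real Oracle Identity Manager routes.

```python
import re
from urllib.parse import urlsplit

# Versions the page names as affected.
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.2.1.0"}

# Bypass patterns from the summary: a "?WSDL" query string or a ";.wadl"
# path-parameter suffix appended to a protected endpoint.
WSDL_QUERY = re.compile(r"(^|&)wsdl(=|&|$)", re.IGNORECASE)
WADL_SUFFIX = re.compile(r";\.wadl(/|$)", re.IGNORECASE)

# Combined-format access log line; only method, target and status are needed.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def is_bypass_attempt(target: str) -> bool:
    """True when the request target carries either suffix (query or path)."""
    parts = urlsplit(target)  # urlsplit keeps ';...' inside .path
    if WSDL_QUERY.search(parts.query):
        return True
    return bool(WADL_SUFFIX.search(parts.path))


def flag_log_lines(lines):
    """Return (method, target, status, outcome) for each suspicious request.

    A 4xx/5xx means the endpoint check still held; a 2xx/3xx means the
    unauthenticated request was accepted and needs immediate follow-up.
    """
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or not is_bypass_attempt(m.group("target")):
            continue
        status = int(m.group("status"))
        outcome = "succeeded" if status < 400 else "rejected"
        hits.append((m.group("method"), m.group("target"), status, outcome))
    return hits


def is_affected(version: str) -> bool:
    """True if a reported product version is in the affected set."""
    return version.strip() in AFFECTED_VERSIONS


# Constructed sample lines with placeholder paths (not real OIM endpoints).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Nov/2025:08:45:01 +0000] "GET /iam/placeholder/api HTTP/1.1" 401 0',
    '203.0.113.5 - - [22/Nov/2025:08:45:02 +0000] "POST /iam/placeholder/api?WSDL HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Nov/2025:08:45:03 +0000] "POST /iam/placeholder/api;.wadl HTTP/1.1" 403 0',
    '198.51.100.9 - - [22/Nov/2025:08:46:00 +0000] "GET /iam/placeholder/wadl-docs HTTP/1.1" 200 88',
]
```

Run `flag_log_lines(SAMPLE_LOG)` against real logs by swapping in the file's lines; only hits marked `succeeded` indicate the endpoint check was actually bypassed.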