
Oracle security patch release for CVE-2025-61757

Security Patch Release
H score 53
1 unique source, 1 article

Summary


Oracle's October 2025 security updates fixed CVE-2025-61757 in Oracle Identity Manager, closing a pre-authentication RCE path that had already been exploited in attacks. The update was released on October 21, 2025. Because the flaw was potentially a zero-day, the patch was important for exposed Identity Manager deployments.

Related Happenings

Microsoft security patch release for CVE-2026-41089

Security Patch Release
First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Oracle security patch release for CVE-2026-21992

Security Patch Release
First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

Microsoft security patch release for CVE-2026-20805

Security Patch Release
First: 14.01.2026 02:47 Last: 14.01.2026 02:47 Sources 1

About this happening: **Microsoft** released January 2026 security updates for **Windows** and supported software, fixing **at least 113 vulnerabilities** and **8 critical flaws**. The release includes...

Grafana Enterprise security update for CVE-2025-41115

Security Patch Release
First: 21.11.2025 17:40 Last: 21.11.2025 17:40 Sources 1

About this happening: **Grafana** released **security updates** for **CVE-2025-41115**, a **CVSS 10.0** flaw in **Grafana Enterprise** that could enable **user impersonation** or **privilege escalation...

SonicWall security patch release for CVE-2025-40604

Security Patch Release
First: 20.11.2025 17:56 Last: 20.11.2025 17:56 Sources 1

About this happening: **SonicWall** released fixes for **CVE-2025-40604** and **CVE-2025-40605** in its **Email Security appliances**, addressing a flaw set that could let remote attackers achieve **pe...

Timeline

  1. 22.11.2025 01:50 2 articles · 6mo ago

    Oracle releases October 2025 security updates for CVE-2025-61757

    Mitigation Patch Update

    Oracle released its October 2025 security updates on October 21, 2025, fixing CVE-2025-61757 in Oracle Identity Manager and closing the pre-authentication remote code execution path tied to the REST API authentication bypass and Groovy script compilation abuse.

  2. 22.11.2025 01:50 1 article · 6mo ago

    CISA adds CVE-2025-61757 to the KEV catalog

    Legal Policy Action Update

    On November 21, 2025, CISA added CVE-2025-61757 in Oracle Identity Manager to the Known Exploited Vulnerabilities catalog and set a December 12 patch deadline for Federal Civilian Executive Branch agencies under Binding Operational Directive 22-01, citing active exploitation risk to the federal enterprise.

  3. 20.11.2025 02:00 1 article · 6mo ago

    Searchlight Cyber publishes exploit details for CVE-2025-61757

    Technical Analysis Update

    On November 20, 2025, Searchlight Cyber released a technical report on CVE-2025-61757 in Oracle Identity Manager. The report details the REST API authentication bypass, which could expose protected endpoints via `?WSDL` or `;.wadl` and lead to pre-authentication remote code execution through the Groovy script compilation path. Johannes Ullrich also warned that the flaw may have been exploited as a zero-day as early as August 30, with accesses seen between August 30 and September 9.
