By Rabia Noureen
Publication Date: 2025-11-26 14:49:00
Key Takeaways:
- The bug in Oracle Identity Manager allows unauthenticated remote code execution.
- CISA is asking federal agencies to patch it by December 12, 2025.
- The exploitation exploits documentation gaps and Groovy script compilation.
Cybersecurity researchers have discovered a critical flaw in Oracle’s Identity Manager that allows unauthenticated remote code execution. CISA has ordered US federal authorities to close this actively exploited vulnerability within three weeks.
The vulnerability that is tracked as CVE-2025-61757is a remote code execution flaw in the Identity Manager tool for Oracle Fusion Middleware. It could allow an unauthenticated hacker with network access to compromise Oracle’s Identity Manager and gain a complete takeover of the system. This flaw has a CVSS score of 9.8 and can be exploited without credentials.
Accordingly Searchlight Cyber Researchers,…