Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-61757

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published

2025-10-21T20:20:52.117

Last Modified

2025-11-24T13:38:20.900

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-306

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	identity_manager	12.2.1.4.0	Yes
Application	oracle	identity_manager	14.1.2.1.0	Yes

References

https://www.oracle.com/security-alerts/cpuoct2025.html Vendor Advisory ([email protected])
https://isc.sans.edu/diary/rss/32506 Third Party Advisory (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)