WASHINGTON / LONDON (IT BOLTWISE) – The US Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious vulnerability in Oracle Fusion Middleware and added it to its catalog of known exploited vulnerabilities. This vulnerability allows attackers to access critical functions without authentication and take complete control of the system.


The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle Fusion Middleware to its catalog of known exploited vulnerabilities. This vulnerability, known as CVE-2025-61757, has a CVSS score of 9.8 and affects versions 12.2.1.4.0 and 14.1.2.1.0 of the product. The vulnerability allows attackers to access critical functions over the network without prior authentication and thus gain complete control of the Identity Manager.

The vulnerability results from missing authentication for a critical function, which allows an attacker to execute code remotely. This poses a significant risk, as an attacker with HTTP network access could take control of the Identity Manager. Oracle addressed this vulnerability with a critical patch update in October 2025, but the threat remains, as attacks were observed prior to the patch’s release.

Multiple HTTP POST attempts to the Oracle Identity Manager endpoint associated with the CVE-2025-61757 vulnerability were reportedly registered between August 30 and September 9, 2025. These attacks came from different IP addresses but used the same user agent, suggesting a single attacker. The attack payloads indicate that the vulnerability was exploited as a zero-day before Oracle released the patch.
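The pattern described above (POST requests to one endpoint, many source addresses, one shared user agent) can be hunted for in web access logs. The following is an added example, not code from CISA, Oracle or the original article; the endpoint path is a placeholder because the article does not name it, and the log format (Combined Log Format), the UTC window boundaries and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Assumption: placeholder path; the article does not name the endpoint.
ENDPOINT_PREFIX = "/PLACEHOLDER-OIM-ENDPOINT"
# Activity window from the article (inclusive); UTC is an assumption.
WINDOW = (datetime(2025, 8, 30, tzinfo=timezone.utc),
          datetime(2025, 9, 9, 23, 59, 59, tzinfo=timezone.utc))

# Combined Log Format: ip - user [time] "request" status size "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$')

def shared_agent_clusters(lines, min_ips=2):
    """Map each user agent to the sorted source IPs that sent in-window POSTs
    to the endpoint, keeping only agents seen from at least min_ips addresses."""
    ips_by_ua = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].startswith(ENDPOINT_PREFIX):
            continue
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # skip lines with a malformed timestamp
        if WINDOW[0] <= ts <= WINDOW[1]:
            ips_by_ua[m["ua"]].add(m["ip"])
    return {ua: sorted(ips) for ua, ips in ips_by_ua.items()
            if len(ips) >= min_ips}

# Constructed sample lines: documentation IP ranges, made-up user agents.
_FMT = '{} - - [{} +0000] "{} {} HTTP/1.1" 200 512 "-" "{}"'
SAMPLE = [_FMT.format(*row) for row in [
    ("198.51.100.7", "30/Aug/2025:04:12:01", "POST", ENDPOINT_PREFIX + "/a", "ExampleAgent/1.0"),
    ("203.0.113.44", "02/Sep/2025:11:03:47", "POST", ENDPOINT_PREFIX + "/a", "ExampleAgent/1.0"),
    ("192.0.2.19", "09/Sep/2025:22:40:10", "POST", ENDPOINT_PREFIX + "/b", "ExampleAgent/1.0"),
    ("192.0.2.80", "03/Sep/2025:08:00:00", "GET", ENDPOINT_PREFIX + "/a", "ExampleAgent/1.0"),
    ("203.0.113.9", "15/Sep/2025:08:00:00", "POST", ENDPOINT_PREFIX + "/a", "ExampleAgent/1.0"),
    ("198.51.100.200", "01/Sep/2025:09:30:00", "POST", ENDPOINT_PREFIX + "/a", "OtherAgent/2.0"),
    ("192.0.2.55", "01/Sep/2025:09:31:00", "POST", "/login", "ExampleAgent/1.0"),
]]

if __name__ == "__main__":
    print(shared_agent_clusters(SAMPLE))
```

A hit only shows that requests matching this pattern reached the server; whether any succeeded has to be established from response codes and host-level evidence.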

According to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to address the identified vulnerabilities by December 12, 2025 to protect their networks from attacks. Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.



CISA warns of critical vulnerability in Oracle Fusion Middleware (Photo: DALL-E, IT BOLTWISE)
