The cybersecurity company CISA has confirmed {that a} just lately patched Oracle Id Supervisor vulnerability has been exploited within the wild.
The vulnerability in query is tracked as CVE-2025-61757 and it was patched by Oracle in Id Supervisor (a product in its Fusion Middleware platform) with the October 2025 patches. The flaw will be exploited by an unauthenticated attacker for distant code execution.
SecurityWeek reported on Friday that CVE-2025-61757 could have been exploited within the wild as a zero-day a number of weeks earlier than Oracle launched a patch.
Searchlight Cyber, whose researchers found the difficulty and reported it to Oracle, disclosed technical particulars and PoC code on Thursday, warning that it might simply be exploited, permitting attackers to escalate privileges and transfer laterally, probably resulting in delicate knowledge publicity.
Based mostly on the technical data made public by Searchlight, the SANS Know-how Institute checked its honeypot logs for indicators of potential exploitation and located what regarded like assault makes an attempt coming from a number of IP addresses between August 30 and September 9.
The identical IP addresses had been additionally seen scanning the net for different product vulnerabilities, and so they additionally carried out scans related to bug bounties.
Regardless of this, Searchlight informed SecurityWeek on Friday that the exercise seen by SANS will be attributed to its researchers, in addition to efforts to inform affected organizations.
Nevertheless, on Saturday, CISA added CVE-2025-61757 to its Recognized Exploited Vulnerabilities (KEV) catalog, instructing federal businesses to handle the flaw by December 12. Commercial. Scroll to proceed studying.
SecurityWeek is hoping to acquire extra clarifications from SANS and Searchlight relating to the potential exploitation. It’s attainable that CISA discovered of assaults from a distinct supply.
The company up to now identified that vulnerabilities are solely added to the KEV catalog if there may be dependable proof of exploitation within the wild.
Contacted by SecurityWeek, Oracle didn’t present any clarifications and as a substitute pointed to its October 2025 safety bulletin, which doesn’t point out something about CVE-2025-61757 being exploited within the wild.
Associated: Latest 7-Zip Vulnerability Exploited in Assaults
Associated: Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week
Associated: Two-12 months-Outdated Ray AI Framework Flaw Exploited in Ongoing Marketing campaign
