CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

Posted on By CWS

The cybersecurity company CISA has confirmed {that a} just lately patched Oracle Id Supervisor vulnerability has been exploited within the wild.

The vulnerability in query is tracked as CVE-2025-61757 and it was patched by Oracle in Id Supervisor (a product in its Fusion Middleware platform) with the October 2025 patches. The flaw will be exploited by an unauthenticated attacker for distant code execution. 

SecurityWeek reported on Friday that CVE-2025-61757 could have been exploited within the wild as a zero-day a number of weeks earlier than Oracle launched a patch. 

Searchlight Cyber, whose researchers found the difficulty and reported it to Oracle, disclosed technical particulars and PoC code on Thursday, warning that it might simply be exploited, permitting attackers to escalate privileges and transfer laterally, probably resulting in delicate knowledge publicity. 

Based mostly on the technical data made public by Searchlight, the SANS Know-how Institute checked its honeypot logs for indicators of potential exploitation and located what regarded like assault makes an attempt coming from a number of IP addresses between August 30 and September 9.

The identical IP addresses had been additionally seen scanning the net for different product vulnerabilities, and so they additionally carried out scans related to bug bounties. 

Regardless of this, Searchlight informed SecurityWeek on Friday that the exercise seen by SANS will be attributed to its researchers, in addition to efforts to inform affected organizations.

Nevertheless, on Saturday, CISA added CVE-2025-61757 to its Recognized Exploited Vulnerabilities (KEV) catalog, instructing federal businesses to handle the flaw by December 12. Commercial. Scroll to proceed studying.

SecurityWeek is hoping to acquire extra clarifications from SANS and Searchlight relating to the potential exploitation. It’s attainable that CISA discovered of assaults from a distinct supply. 

The company up to now identified that vulnerabilities are solely added to the KEV catalog if there may be dependable proof of exploitation within the wild.

Contacted by SecurityWeek, Oracle didn’t present any clarifications and as a substitute pointed to its October 2025 safety bulletin, which doesn’t point out something about CVE-2025-61757 being exploited within the wild. 

Associated: Latest 7-Zip Vulnerability Exploited in Assaults

Associated: Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Associated: Two-12 months-Outdated Ray AI Framework Flaw Exploited in Ongoing Marketing campaign

Security Week News Tags:, , , , , ,

Related Posts

Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns Security Week News
vBulletin Vulnerability Exploited in the Wild Security Week News
Two Exploited Vulnerabilities Patched in Android Security Week News
QNAP Patches Vulnerabilities Exploited at Pwn2Own Ireland Security Week News
Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet Security Week News
Hackers Target Swedish Power Grid Operator Security Week News