A recently patched Oracle Identity Manager vulnerability may have been exploited as a zero-day.
The vulnerability, tracked as CVE-2025-61757, was disclosed on Thursday by Searchlight Cyber, whose researchers found the issue and reported it to Oracle.
The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager. The exploit, which chains an authentication bypass weakness and arbitrary code execution, can enable an attacker to achieve full system compromise.
Oracle fixed CVE-2025-61757 with its October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication.
Searchlight Cyber warned on Thursday that the vulnerability can “enable attackers to control authentication flows, escalate privileges, and move laterally throughout an organisation’s core systems”, noting that it may “result in the breach of servers dealing with user PII and credentials”.
The SANS Technology Institute used the technical information and PoC code made public by Searchlight on Thursday to check its honeypot logs for signs of potential exploitation.
According to SANS’s Johannes Ullrich, potential exploitation was seen several times between August 30 and September 9, weeks before Oracle released a patch.
“There are a number of different IP addresses scanning for it, but all of them use the same user agent, which means that we may be dealing with a single attacker,” Ullrich explained.
“Sadly, we didn’t capture the bodies for these requests, but they were all POST requests,” he added.
The expert said the same IP addresses had previously been seen scanning the web for a Liferay product vulnerability (CVE-2025-4581) and conducting scans that appear to be associated with bug bounties. The IPs also scanned for URLs associated with the exploitation of the Log4j vulnerability.
SecurityWeek has reached out to Oracle for comment and will update this article if the company responds. Searchlight has also been asked whether the activity seen by SANS may have been conducted by its own researchers while analyzing the vulnerability.
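For defenders who want to run the same kind of retrospective check on their own web logs, the sketch below is an added example, not code from SANS, Searchlight or SecurityWeek. It groups pre-patch POST requests to a target path by user agent and reports agents shared by several source IPs. The path prefix is a placeholder because the article does not give it, and the cutoff date, function name and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Placeholder: the article does not publish the request path. Fill it in from the
# vendor advisory or the researchers' write-up before running on real logs.
TARGET_PATH_PREFIX = "/PLACEHOLDER-OIM-PATH"
# Assumption: first day of the patch month named in the article; use your own patch date.
CUTOFF = datetime(2025, 10, 1, tzinfo=timezone.utc)

# Apache/nginx "combined" format: captures ip, timestamp, method, path, user agent.
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Aug/2025:04:12:09 +0000] "POST /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (constructed)"',
    '198.51.100.7 - - [02/Sep/2025:11:40:51 +0000] "POST /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (constructed)"',
    '203.0.113.5 - - [09/Sep/2025:23:01:17 +0000] "POST /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (constructed)"',
    '203.0.113.9 - - [03/Sep/2025:08:00:00 +0000] "GET /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (constructed)"',
    '192.0.2.44 - - [05/Sep/2025:09:30:00 +0000] "POST /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "OtherClient/2.0 (constructed)"',
    '192.0.2.10 - - [25/Oct/2025:10:00:00 +0000] "POST /PLACEHOLDER-OIM-PATH/a HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (constructed)"',
]

def cluster_by_user_agent(lines, path_prefix=TARGET_PATH_PREFIX, before=CUTOFF, min_ips=2):
    """Return {user_agent: stats} for pre-cutoff POSTs to path_prefix seen from >= min_ips IPs."""
    clusters = defaultdict(lambda: {"ips": set(), "hits": 0, "first": None, "last": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, ua = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method != "POST" or not path.startswith(path_prefix) or when >= before:
            continue
        c = clusters[ua]
        c["ips"].add(ip)
        c["hits"] += 1
        c["first"] = when if c["first"] is None else min(c["first"], when)
        c["last"] = when if c["last"] is None else max(c["last"], when)
    # One agent string across many addresses is the pattern Ullrich describes.
    return {ua: c for ua, c in clusters.items() if len(c["ips"]) >= min_ips}

if __name__ == "__main__":
    for ua, c in cluster_by_user_agent(SAMPLE_LOG).items():
        print(ua, sorted(c["ips"]), c["hits"], c["first"].date(), c["last"].date())
```

A shared user agent is only a grouping signal; the article itself notes that the source of the activity had not been confirmed.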
