Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks

CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks

Posted on November 24, 2025November 24, 2025 By CWS

The Cybersecurity and Infrastructure Safety Company (CISA) is urging organizations to instantly deal with a crucial safety flaw in Oracle Id Supervisor following reviews of lively exploitation.

The vulnerability, tracked as CVE-2025-61757, permits unauthenticated distant attackers to execute arbitrary code on affected programs, posing a extreme menace to enterprise and authorities networks.

This warning comes within the wake of an enormous breach earlier this 12 months involving Oracle Cloud’s personal login service, which uncovered over six million information.

Safety researchers at Searchlight Cyber recognized this vulnerability whereas analyzing the assault floor of Oracle Cloud’s login host. The investigation revealed that the identical software program stack compromised in January, particularly the Oracle Id Governance Suite, contained a extreme pre-authentication Distant Code Execution (RCE) flaw.

This discovery highlighted a crucial oversight in how the appliance dealt with authentication filters, leaving tons of of tenants weak to finish compromise with out requiring any legitimate credentials.

The vulnerability resides inside the software’s SecurityFilter mechanism discovered within the net.xml configuration. This filter was designed to handle authentication checks however relied on a flawed common expression whitelist.

Builders meant to permit unauthenticated entry to Internet Utility Description Language (WADL) recordsdata, however the implementation did not account for the way Java interprets request Uniform Useful resource Identifiers (URIs).

Attackers can bypass authentication totally by appending particular matrix parameters to the URL. The analysis group demonstrated that including ;.wadl to a request URI methods the server into treating the request as a innocent WADL retrieval whereas the underlying Java servlet processes it as a legitimate API name.

This logical discrepancy grants attackers unrestricted entry to restricted REST endpoints, resembling /iam/governance/applicationmanagement.

As soon as authentication is bypassed, menace actors can leverage the groovyscriptstatus endpoint to realize code execution. Though this endpoint is meant solely to syntax-check Groovy scripts with out operating them, it does carry out compilation.

By injecting a script containing the @ASTTest annotation, attackers can power the Java compiler to execute arbitrary code through the compilation section. This system successfully turns a syntax checker into a totally purposeful distant shell, granting management over the host system.

This vulnerability is especially harmful as a result of it requires no prior entry or credentials. The mix of a trivial authentication bypass and a dependable methodology for code execution makes it a beautiful goal for ransomware teams and state-sponsored actors.

Organizations operating Oracle Id Governance Suite 12c are suggested to use the related patches instantly or isolate the affected companies from the general public web.

CVE IDAffected ProductVulnerability TypeImpactSeverityCVE-2025-61757Oracle Id Governance Suite 12c (12.2.1.4.0)Pre-Authentication RCERemote Code Execution, Full System CompromiseCritical (9.8)CVE-2021-35587Oracle Entry ManagerPre-Authentication RCEData Exfiltration, Tenant CompromiseCritical

Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:Actively, Attacks, CISA, Exploited, Identity, Manager, Oracles, RCE, Vulnerability, Warns

Post navigation

Previous Post: Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach
Next Post: Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet

Related Posts

Stellantis, the Maker of Citroën, FIAT, Jeep, and Other Cars, Confirms Data Breach Stellantis, the Maker of Citroën, FIAT, Jeep, and Other Cars, Confirms Data Breach Cyber Security News
CISA Flags Critical Microsoft Defender Vulnerabilities CISA Flags Critical Microsoft Defender Vulnerabilities Cyber Security News
Securden Unified PAM Vulnerability Let Attackers Bypass Authentication Securden Unified PAM Vulnerability Let Attackers Bypass Authentication Cyber Security News
Ukrainian Networks Launch Massive Brute-Force and Password-Spraying Campaigns Targeting SSL VPN and RDP Systems Ukrainian Networks Launch Massive Brute-Force and Password-Spraying Campaigns Targeting SSL VPN and RDP Systems Cyber Security News
Massive Spike in Password Attacks Targeting Cisco ASA VPN Followed by Microsoft 365 Massive Spike in Password Attacks Targeting Cisco ASA VPN Followed by Microsoft 365 Cyber Security News
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AnyDesk Vulnerability Risks Denial-of-Service Attacks
  • PhantomEnigma Hijacks Government Sites for Malware
  • Linux Welcomes AI with Responsible Use, Says Torvalds
  • New Malware ClickLock Stealer Exploits macOS Vulnerabilities
  • Cybersecurity Threats: Game Cheat Spyware and More

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AnyDesk Vulnerability Risks Denial-of-Service Attacks
  • PhantomEnigma Hijacks Government Sites for Malware
  • Linux Welcomes AI with Responsible Use, Says Torvalds
  • New Malware ClickLock Stealer Exploits macOS Vulnerabilities
  • Cybersecurity Threats: Game Cheat Spyware and More

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark