Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability

CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog. 

Oracle

The cybersecurity agency CISA has confirmed that a recently patched Oracle Identity Manager vulnerability has been exploited in the wild.

The vulnerability in question is tracked as CVE-2025-61757 and it was patched by Oracle in Identity Manager (a product in its Fusion Middleware platform) with the October 2025 patches. The flaw can be exploited by an unauthenticated attacker for remote code execution. 

SecurityWeek reported on Friday that CVE-2025-61757 may have been exploited in the wild as a zero-day several weeks before Oracle released a patch. 

Searchlight Cyber, whose researchers discovered the issue and reported it to Oracle, disclosed technical details and PoC code on Thursday, warning that it could easily be exploited, allowing attackers to escalate privileges and move laterally, potentially leading to sensitive data exposure. 

Based on the technical information made public by Searchlight, the SANS Technology Institute checked its honeypot logs for signs of potential exploitation and found what looked like attack attempts coming from several IP addresses between August 30 and September 9.

The same IP addresses were also seen scanning the web for other product vulnerabilities, and they also conducted scans associated with bug bounties. 

Advertisement. Scroll to continue reading.

Despite this, Searchlight told SecurityWeek on Friday that the activity seen by SANS can be attributed to its researchers, as well as efforts to notify affected organizations.

However, on Saturday, CISA added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address the flaw by December 12. 

SecurityWeek is hoping to obtain additional clarifications from SANS and Searchlight regarding the potential exploitation. It’s possible that CISA learned of attacks from a different source. 

The agency in the past pointed out that vulnerabilities are only added to the KEV catalog if there is reliable evidence of exploitation in the wild.

Contacted by SecurityWeek, Oracle did not provide any clarifications and instead pointed to its October 2025 security bulletin, which does not mention anything about CVE-2025-61757 being exploited in the wild. 

Related: Recent 7-Zip Vulnerability Exploited in Attacks

Related: Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Related: Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.