Emergency Security Bulletin: Authentication Bypass in Oracle Identity Manager (CVE-2025-61757)


By: RedLegg's Cyber Threat Intelligence Team

About:

CVE-2025-61757 is a critical authentication bypass vulnerability in Oracle Identity Manager’s REST WebServices component that allows remote, unauthenticated attackers to manipulate request paths and bypass URI filtering logic. Successful exploitation enables attackers to invoke sensitive functions without authentication, potentially leading to full compromise of identity management workflows, privilege escalation, and unauthorized account operations.

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

Missing Authentication for a Critical Function in Oracle Identity Manager (REST WebServices Component)

CVSS Score: 9.8 (Critical, CVSS v3.1)
Identifier: CVE-2025-61757
Exploit or Proof of Concept (PoC):

This vulnerability is confirmed to be exploited in the wild. CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation.


Update:

Oracle released fixes for this flaw in the October 2025 Critical Patch Update for Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0. Administrators should apply the patch immediately and verify that the patched versions are the ones actually running.

Description:

CVE-2025-61757 is a severe authentication bypass vulnerability affecting the REST WebServices component of Oracle Identity Manager (OIM). The flaw allows remote, unauthenticated attackers to trick the system's URI filtering logic by manipulating request paths.
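The bulletin does not spell out how the request paths are manipulated, so the following is a general illustration of the design principle at stake rather than a reproduction of the Oracle flaw: a filter that decides whether a route may be reached without authentication must match on a canonical form of the path, not on the raw string the client sent, and must deny by default. This is an added example written for this bulletin, not Oracle's code; the route names (`/api/health`, `/api/login`, `/api/users`) are constructed placeholders and not real OIM REST endpoints.

```python
"""Added example (not Oracle's code): deny-by-default URI filtering with
canonicalization, contrasted with a fragile filter that matches the raw path.
All route names are constructed placeholders, not OIM REST routes."""
import posixpath
from urllib.parse import unquote

# Constructed placeholders: the only routes that may be reached anonymously.
PUBLIC_PREFIXES = ("/api/health", "/api/login")


def canonicalize(path: str) -> str:
    """Reduce a raw request path to a single canonical form before matching.

    Steps: drop query string and fragment, percent-decode repeatedly until the
    string is stable (so double-encoded bytes cannot hide a segment), collapse
    repeated slashes, resolve '.' and '..' segments, and lower-case the result.
    """
    p = path.split("?", 1)[0].split("#", 1)[0]
    prev = None
    while prev != p:            # decode until a fixed point is reached
        prev, p = p, unquote(p)
    # Force exactly one leading slash, then let normpath resolve dot segments
    # and collapse duplicate separators.
    p = posixpath.normpath("/" + p.lstrip("/"))
    return p.lower()


def _under(prefix: str, canon: str) -> bool:
    """Segment-aware prefix test: '/api/health' must not match '/api/healthcheck'."""
    return canon == prefix or canon.startswith(prefix + "/")


def requires_auth(raw_path: str) -> bool:
    """Hardened filter: only a canonical path under a public prefix skips auth."""
    canon = canonicalize(raw_path)
    return not any(_under(pub, canon) for pub in PUBLIC_PREFIXES)


def naive_requires_auth(raw_path: str) -> bool:
    """Fragile filter, shown only for contrast: it trusts the raw string.

    A path whose raw text begins with a public prefix is let through even if
    the server will later resolve it to a protected route.
    """
    return not raw_path.startswith(PUBLIC_PREFIXES)


def audit(paths):
    """Return the paths on which the two filters disagree (the naive filter
    would let them through unauthenticated, the hardened one would not)."""
    return [p for p in paths if requires_auth(p) and not naive_requires_auth(p)]


if __name__ == "__main__":
    # Constructed sample request paths for the demonstration.
    samples = [
        "/api/health",
        "/api/login?next=1",
        "/api/users",
        "/api/health/../users",
        "/api/health/%2e%2e/users",
        "/api/health/%252e%252e/users",
        "//API//login/",
    ]
    for s in samples:
        print(f"{s:35} canonical={canonicalize(s):15} "
              f"naive_auth={naive_requires_auth(s)!s:5} hardened_auth={requires_auth(s)}")
    print("disagreements:", audit(samples))
```

The contrast to take from the two filters is that the decision must be made on the same representation the routing layer will ultimately act on; any gap between what the filter sees and what the handler resolves is where a bypass lives.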

Mitigation Recommendations:

Immediately apply Oracle's October 2025 CPU update for Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.

Inventory all Oracle Identity Manager deployments and determine which instances expose REST WebServices (HTTP/HTTPS) to external or untrusted networks.

Restrict access to REST WebServices endpoints using firewall segmentation, reverse proxies, zero-trust access controls, or VPN-based admin access only.