CVE-2025-61757

ENISA EUVD: EUVD-2025-35253 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles Published: 2025-10-21

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

87.83%

probability

This CVE has a 87.83% probability of being exploited in the next 30 days.

0% Top 99.5th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

NVD

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Affected Products

Oracle Corporation

Identity Manager

12.2.1.4.0 14.1.2.1.0

oracle

identity manager

Oracle Corporation

Identity Manager

12.2.1.4.0

Oracle Corporation

Identity Manager

14.1.2.1.0

Attack Intelligence

CWE-284 · Improper Access Control CWE-287 · Improper Authentication CWE-306 · Missing Authentication

Exploits & PoC

Jinxia62/Oracle-Identity-Manager-CVE-2025-61757

Oracle Identity Manager 远程代码执行漏洞CVE-2025-61757

4 2025-11-21

ngominhquocngu/Blackash-CVE-2025-61757

CVE-2025-61757

0 2025-11-20

2 repos — triés par ⭐ Rechercher sur GitHub ↗

https://www.oracle.com/security-alerts/cpuoct2025.html

vendor-advisory

Signal Intelligence

Confidenceⓘ

92%

EPSS 87.83%

CVSS v3.1 9.8

Mentions 4

Last Seen Mar 21, 2026

CNA Information

CNA Assigner

oracle

Analyst Note

CVE-2025-61757 is explicitly named as a zero-day by CISA with active exploitation documented. The CVE was published 2025-10-21 and CISA added it to the KEV catalog citing active exploitation, establishing in-the-wild attacks. The critical CVSS 9.8 score and unauthenticated network attack vector support the severity. Timing confirms exploitation occurred concurrently with or before patch disclosure.

Threat Actors 4

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Hacking Team

apt_group 🇮🇹 IT

Red October

apt_group 🇷🇺 RU

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateOct 21, 2025