The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It was addressed by Oracle as part of its quarterly updates released last month.
"Oracle Fusion Middleware contains a missing authentication for a critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager," CISA said.
Searchlight Cyber researchers Adam Kues and
New York Post
Atlanta Black Star Entertainment
WBAL-TV 11 Baltimore Politics
CNN Politics
People Top Story
Sky Sports Golf