CVE-2025-61757
Published: 21 October 2025
Summary
CVE-2025-61757 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Oracle Identity Manager. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates this specific vulnerability by requiring timely identification, reporting, and patching of the flaw in Oracle Identity Manager REST WebServices as detailed in the Critical Patch Update.
Addresses CWE-306 missing authentication by explicitly identifying, authorizing, and monitoring only approved actions without identification and authentication in the vulnerable REST WebServices.
Enforces approved access control policies to block unauthenticated network access to the Identity Manager component, reducing exploitation risk.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Missing authentication in REST WebServices allows unauthenticated remote exploitation of a public-facing application, directly mapping to T1190: Exploit Public-Facing Application.
NVD Description
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of…
more
this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Deeper analysisAI
CVE-2025-61757 is a vulnerability in the Identity Manager product of Oracle Fusion Middleware, specifically affecting the REST WebServices component. Supported versions impacted include 12.2.1.4.0 and 14.1.2.1.0. It carries a CVSS 3.1 Base Score of 9.8 with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impacts, and is associated with CWE-306 (Missing Authentication for Critical Function).
The vulnerability is easily exploitable by an unauthenticated attacker with network access via HTTP. Successful exploitation allows the attacker to fully compromise Identity Manager, resulting in takeover of the product.
Oracle's Critical Patch Update for October 2025 provides details on patches and mitigation, as outlined in their security alert at https://www.oracle.com/security-alerts/cpuoct2025.html. Additional analysis appears in the ISC SANS diary at https://isc.sans.edu/diary/rss/32506. The vulnerability is listed in CISA's Known Exploited Vulnerabilities Catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61757, indicating real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 21 November 2025