{“lastseen”:”2025-12-01T18:05:08″,”description”:”At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the Identity Manager product of Oracle Fusion Middleware (versions 12.2.1.4.0 and 14.1.2.1.0). Multiple threat actors are already exploiting the vulnerability in the wild, and it was added to CISA\u2019s Known Exploited Vulnerabilities catalog on November 21, 2025.\\n\\nOracle Identity Manager is widely deployed across large enterprises, particularly in finance, government, healthcare, and other sectors that rely heavily on Oracle infrastructure. Because it remains a core identity platform for many organizations, this vulnerability significantly elevates risk, making CVE-2025-61757 especially critical.\\n\\n## **The Vulnerability**\\n\\nRecent disclosures indicate that, unlike previous Oracle CVEs, this vulnerability is straightforward and highly susceptible to exploitation by threat actors. The vulnerability originates from an authentication bypass in Oracle Identity Manager\u2019s REST APIs, where attackers can trick the security filter into treating protected endpoints as public by appending parameters such as ** _?WSDL_****** or ** _;.wad_** _**l** _to the URL path. This exposes sensitive endpoints like:\\n\\nAfter gaining unauthenticated access, attackers can interact with a Groovy script compilation endpoint. Although this endpoint is not intended to execute scripts, it can be exploited to run malicious code during the compilation process by abusing Groovy\u2019s annotation-processing feature.\\n\\nThis flaw chain allowed researchers to achieve pre-authentication remote code execution on vulnerable Oracle Identity Manager instances.\\n\\n## **What We\u2019ve Seen**\\n\\nOver the past week, more than 300,000 attack attempts have been detected targeting this vulnerability. These attacks are occurring globally across over 18 countries, with the majority focused on the US and France.\\n\\nComputing, healthcare, and business sites are hit the hardest by attack attempts.\\n\\n## **Bottom Line**\\n\\nCVE-2025-61757 is a critical authentication bypass vulnerability with a high operational impact, potentially allowing attackers to achieve remote code execution.\\n\\nThe Imperva Threat Research group tracked and identified the exploitation chain of this vulnerability, ensuring that Imperva customers with Elastic WAF, Cloud WAF, or On-Prem WAF are now protected out of the box.\\n\\nThe post CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution appeared first on Blog.”,”published”:”2025-12-01T16:20:59″,”modified”:”2025-12-01T16:20:59″,”type”:”impervablog”,”title”:”CVE-2025-61757: Imperva Customers Protected Against Critical Oracle Identity Manager Authentication Bypass Leading to Remote Code Execution”,”source”:””,”references”:””,”id”:”IMPERVABLOG:739D0AA585D1E1F1A4FC9387FDB76EF3″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-61757″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.imperva.com\/blog\/cve-2025-61757-imperva-customers-protected-against-critical-oracle-identity-manager-authentication-bypass-leading-to-remote-code-execution\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-01T18:05:08″,”description”:”At the end of October 2025, Oracle released an emergency security alert addressing CVE-2025-61757, a high-severity authentication-bypass flaw that enables remote code execution in the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,59,13,7,11,5],"class_list":["post-28084","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-impervablog","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n