PT-2025-42978 · Oracle · Oracle Fusion Middleware Identity Manager
Published 2025-10-21 · Updated 2026-03-18 · CVE-2025-61757
CVSS v2.0: 10.0 Critical (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Name of the Vulnerable Software and Affected Versions
Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
Description
A critical vulnerability exists in the REST WebServices component of Oracle Identity Manager. An unauthenticated attacker with network access over HTTP can exploit it to execute arbitrary code and fully compromise the system; Oracle rates it CVSS v3.1 9.8. The root cause is a missing authentication check for critical functions: the component exempts requests for service descriptors (WSDL/WADL) from authentication, and the exemption is decided on the raw request URI. Appending ?WSDL or ;.wadl to the URL of a protected endpoint therefore makes the request look like a descriptor fetch to the authentication check, while the application still routes it to the protected endpoint, so it runs without credentials. Active exploitation has been observed since August 2025, and CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog in November 2025. Organizations that rely on Oracle Identity Manager for identity governance are affected, especially where its REST API endpoints are reachable from the internet. Scanning activity and POST requests with a payload of approximately 556 bytes directed at the vulnerable endpoints have been reported as signs of exploitation attempts.
Recommendations
Apply the fixes from Oracle's October 2025 Critical Patch Update for Oracle Identity Manager 12.2.1.4.0 and 14.1.2.1.0.
Restrict external access to the affected system, for example by placing it behind a VPN or by limiting reachable sources with Access Control Lists (ACLs).
Monitor logs for requests to the REST API endpoints whose URI ends in ;.wadl or carries a ?WSDL query string but does not correspond to a genuine service descriptor, and for unexpected POST requests to those endpoints with a payload of around 556 bytes.
Consider temporarily disabling the vulnerable REST WebServices component until the patch can be applied.
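The following Python example is added here to illustrate both the bypass described above and the log monitoring recommended; it is not Oracle's code and not taken from the original advisory. It models the class of bug the description implies: an authentication filter that exempts requests whose raw URI looks like a WSDL/WADL descriptor request, while the servlet container routes on a normalised path with the query string and any ;param matrix parameters removed. A request for /rest/v1/scripts;.wadl is therefore exempted by the filter but dispatched to /rest/v1/scripts. The hardened check decides on the same normalised path and an explicit allow-list instead of a suffix match. The access-log scan then flags requests where the two checks disagree (the bypass signature) and POSTs of roughly 556 bytes to protected endpoints. The endpoint paths, the log format, the sample log lines and the size tolerance are all assumptions constructed for this example.

```python
"""Added example, not Oracle's code: a model of the descriptor-suffix
authentication bypass and an access-log scan for its indicators.
All paths, the log format and the size tolerance are assumptions."""
import re

PROTECTED_PREFIX = "/rest/v1/"                       # assumption: everything here needs auth
PUBLIC_DESCRIPTORS = {"/rest/v1/application.wadl"}   # assumption: the only public descriptor


def route_path(raw_uri: str) -> str:
    """Path the container dispatches on: query string dropped and ';...' matrix
    parameters stripped from every segment. (A real normaliser would also
    percent-decode and collapse '.' / '..' segments.)"""
    path = raw_uri.split("?", 1)[0]
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def vulnerable_is_exempt(raw_uri: str) -> bool:
    """Vulnerable pattern: the exemption is decided on the raw URI, so anything
    ending in '.wadl' or carrying a '?WSDL' query skips authentication."""
    path, _, query = raw_uri.partition("?")
    return query.upper() == "WSDL" or path.lower().endswith(".wadl")


def hardened_is_exempt(raw_uri: str) -> bool:
    """Hardened pattern: decide on the same normalised path the container
    routes on, ignore the query string, and use an explicit allow-list
    instead of a suffix match."""
    return route_path(raw_uri) in PUBLIC_DESCRIPTORS


# Constructed access-log lines (not real traffic). Format assumed here:
#   ip - - [time] "METHOD URI HTTP/1.1" status request_body_bytes
SAMPLE_LOG = """\
198.51.100.7 - - [30/Aug/2025:10:12:01 +0000] "GET /rest/v1/application.wadl HTTP/1.1" 200 0
198.51.100.7 - - [30/Aug/2025:10:12:03 +0000] "POST /rest/v1/scripts;.wadl HTTP/1.1" 200 556
203.0.113.9 - - [30/Aug/2025:10:13:40 +0000] "GET /rest/v1/users?WSDL HTTP/1.1" 200 0
192.0.2.4 - - [30/Aug/2025:10:15:00 +0000] "POST /rest/v1/users HTTP/1.1" 401 1200
""".splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<req_bytes>\d+)$'
)
POST_SIZE, POST_SIZE_TOLERANCE = 556, 20   # assumption: +/-20 bytes around the reported size


def scan_access_log(lines):
    """Return [(ip, method, uri, reasons)] for requests matching the advisory's
    indicators: a raw URI the vulnerable filter would exempt but the hardened
    check would not (the bypass signature), or a POST to a protected endpoint
    whose body is about 556 bytes."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, do not guess
        uri, method = m["uri"], m["method"]
        routed = route_path(uri)
        reasons = []
        if vulnerable_is_exempt(uri) and not hardened_is_exempt(uri):
            reasons.append("descriptor-suffix bypass")
        if (method == "POST" and routed.startswith(PROTECTED_PREFIX)
                and abs(int(m["req_bytes"]) - POST_SIZE) <= POST_SIZE_TOLERANCE):
            reasons.append("~556-byte POST")
        if reasons:
            hits.append((m["ip"], method, uri, reasons))
    return hits


if __name__ == "__main__":
    for uri in ("/rest/v1/application.wadl", "/rest/v1/scripts;.wadl", "/rest/v1/users?WSDL"):
        print(f"{uri:32} routes to {route_path(uri):28} "
              f"vulnerable exempt={vulnerable_is_exempt(uri)} "
              f"hardened exempt={hardened_is_exempt(uri)}")
    for hit in scan_access_log(SAMPLE_LOG):
        print("ALERT", hit)
```

The legitimate descriptor fetch in the first sample line is not flagged because both checks agree on it; the second and third lines are flagged because the raw-URI check would have let them through while the normalised-path check rejects them. In a real deployment the request-body size is only available if the web server or proxy logs it, so the POST-size indicator depends on that field being present.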
Tags: Fix · RCE · LPE · Missing Authentication
Affected Products
Oracle Fusion Middleware Identity Manager