Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day
SecurityWeek
Actively Exploited
Summary
A critical unauthenticated remote code execution vulnerability, tracked as CVE-2025-61757, has been discovered in Oracle Identity Manager. The flaw may have been exploited as a zero-day, and it allows attackers to execute arbitrary code without authentication.
Impact
Oracle Identity Manager
In the Wild
Yes
Timeline
Newly disclosed
Remediation
Apply the security patches Oracle provides for Oracle Identity Manager and monitor for further updates from Oracle regarding this vulnerability. Follow best practices for securing identity management systems, such as limiting access and regularly auditing system logs.