Threats / Oracle / CVE-2025-61757
CVE-2025-61757
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-06-22
Oracle Fusion Middleware vulnerability
Oracle Fusion Middleware contains a missing authentication vulnerability in a critical function, allowing unauthenticated remote attackers to compromise Identity Manager.
Verdict
Today item — known-exploited.
An unauthenticated remote attacker can exploit missing authentication controls in Oracle Fusion Middleware to gain unauthorized access to Identity Manager, potentially enabling account takeover, privilege escalation, and lateral movement within enterprise systems.
01
Is it exploitable?
— the evidence, ranked above the scoreExploit available
Public proof-of-concept exploit code is cataloged for this vulnerability.We link the existence of the exploit; we do not host or redistribute payloads.
Reported exploitation
12 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-11-21).
Probability (EPSS)
EPSS 0.88312 — modeled likelihood of exploitation activity.EPSS is a daily-changing model output — open the source for today's value.
Severity / affected
Affected: Oracle, Fusion Middleware. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-306 Missing Authentication — weakness family: Authentication.CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then board1
Front door — unauthenticated access narrative 1
Attacker
I identify the unauthenticated critical function endpoint in Oracle Fusion Middleware exposed to the network.
Business
Attackers bypass all authentication barriers, gaining direct access to identity management systems without credentials.
2
Keys to the kingdom — privilege/identity takeover narrative 2
Attacker
I invoke the critical function without providing valid authentication credentials.
Business
Identity Manager is compromised, allowing unauthorized modification of user accounts, roles, and permissions.
3
Lateral reach — past segmentation narrative 3
Attacker
I create, modify, or escalate privileged accounts within the identity system.
Business
Attackers establish persistent administrative access across dependent enterprise applications and infrastructure.
4
Data at risk — exfiltration narrative 4
Attacker
I leverage the compromised identity system to access downstream systems that trust Fusion Middleware authentication.
Business
Enterprise security perimeter collapses as identity trust is weaponized for lateral movement and data exfiltration.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05