Ethical Hacking News

CISA Urges Immediate Patching of Oracle Identity Manager Zero-Day Exploit After Evidence of Abuses


CISA has ordered US federal agencies to patch Oracle Identity Manager against a zero-day exploit, warning that the vulnerability has been actively exploited and that log evidence points to a single attacker behind the abuse. The critical alert emphasizes the importance of timely patching and highlights Oracle's sparse patch notes as a challenge for stretched security teams.

  • US federal agencies have been ordered by CISA to patch Oracle Identity Manager systems with a critical alert due to a zero-day exploit (CVE-2025-61757).
  • The vulnerability allows unauthenticated remote attackers to gain full control of the system, posing significant risks to sensitive data and national security.
  • Researchers and analysts found evidence that the vulnerability was actively exploited weeks before Oracle released its patch.
  • Federal agencies have until December 12 to apply Oracle's Critical Patch Update (CPU) to fix the vulnerability.
  • Failure to comply with CISA's alert will result in federal compliance consequences, emphasizing the urgency of this patching exercise.


    The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert to US federal agencies, ordering them to patch their Oracle Identity Manager systems against a zero-day exploit (CVE-2025-61757) with utmost urgency. The agency warned that an actively exploited vulnerability allows unauthenticated remote attackers to gain full control of the system, posing significant risks to sensitive data and national security.

    The vulnerability, discovered by researchers Adam Kues and Shubham Shah, is "easily exploitable" and can be triggered through a single HTTP request that bypasses OIM's normal authentication flow. Oracle disclosed the bug in October but did not indicate that it was under active exploitation. However, analysis from SANS ISC dean Johannes Ullrich suggests that attackers may have been aware of the flaw months before Oracle released its patch.

    Ullrich analyzed traffic logs and found that the telltale OIM exploit URL was accessed repeatedly between August 30 and September 9, weeks before Oracle's October 21 patch release. Repeated requests to the same URL from different IP addresses point to a single attacker at work, according to Ullrich. While the logs do not confirm successful compromise, they provide compelling evidence that CVE-2025-61757 was used as a zero-day by an adversary.
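    As an added example (not code from the article or from Ullrich's analysis), a retro-hunt over web server access logs of the kind described above: it counts requests to an indicator path before and after the patch release date and summarises the pre-patch hits by source IP and time span. The indicator path is a placeholder, since the article does not publish the exploit URL, and the log lines are constructed.

```python
import re
from datetime import datetime

# Hypothetical indicator path: the article does not publish the OIM exploit URL,
# so this placeholder stands in for the request path Ullrich searched for.
INDICATOR_PATH = "/PLACEHOLDER_OIM_EXPLOIT_PATH"
# Oracle's October 21 Critical Patch Update date, as reported in the article.
PATCH_RELEASE = datetime(2025, 10, 21)

# Combined (Apache/nginx) access-log format: ip - - [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic); dates follow the article's timeline.
SAMPLE_LOG = """\
203.0.113.10 - - [30/Aug/2025:02:14:07 +0000] "GET /PLACEHOLDER_OIM_EXPLOIT_PATH HTTP/1.1" 200 512
198.51.100.7 - - [30/Aug/2025:02:14:09 +0000] "GET /identity/faces/home HTTP/1.1" 302 0
203.0.113.10 - - [02/Sep/2025:11:40:51 +0000] "POST /PLACEHOLDER_OIM_EXPLOIT_PATH?x=1 HTTP/1.1" 200 640
192.0.2.44 - - [09/Sep/2025:23:59:01 +0000] "GET /PLACEHOLDER_OIM_EXPLOIT_PATH HTTP/1.1" 200 512
192.0.2.44 - - [25/Oct/2025:08:03:12 +0000] "GET /PLACEHOLDER_OIM_EXPLOIT_PATH HTTP/1.1" 404 0
"""

def parse_line(line):
    """Return (ip, timestamp, path, status), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the "+0000" zone suffix; %b expects English month abbreviations.
    ts = datetime.strptime(m.group("ts").split()[0], "%d/%b/%Y:%H:%M:%S")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def hunt_indicator(log_text, indicator=INDICATOR_PATH, patch_date=PATCH_RELEASE):
    """Split hits on the indicator path into pre- and post-patch windows and
    summarise the pre-patch (zero-day) window: hit count, distinct IPs, span."""
    pre, post = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[2].split("?")[0] != indicator:
            continue  # skip unparseable lines and unrelated requests
        (pre if rec[1] < patch_date else post).append(rec)
    pre_ts = [ts for _, ts, _, _ in pre]
    return {
        "pre_patch_hits": len(pre),
        "post_patch_hits": len(post),
        "pre_patch_ips": sorted({ip for ip, _, _, _ in pre}),
        "first_seen": min(pre_ts) if pre_ts else None,
        "last_seen": max(pre_ts) if pre_ts else None,
    }
```

    Pre-patch hits spread across several source addresses, as here, are what the article treats as zero-day evidence; the 404 after the patch date shows why status codes alone do not settle whether exploitation succeeded.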

    The discovery of this vulnerability highlights the importance of timely patching and the consequences of lagging customer patch cycles. Oracle's October advisory rated the issue critical but did not mention zero-day activity or exploitation telemetry. The combination of confirmed exploitation, credible zero-day evidence, and Oracle's characteristically sparse patch notes creates a challenging scenario for already stretched security teams.

    Federal agencies now have until December 12 to apply Oracle's Critical Patch Update (CPU) to fix the vulnerability. Failure to comply with CISA's alert will result in federal compliance consequences, emphasizing the urgency of this patching exercise. The Register spoke to Oracle but did not receive a comment on whether the company had confirmed exploitation prior to CISA's advisory or received customer reports of incidents linked to CVE-2025-61757.

    The incident underscores the importance of robust vulnerability management practices and the need for vendors to provide timely security updates. With the patching deadline looming, federal agencies must prioritize their systems' security to prevent potential breaches and data compromises.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Urges-Immediate-Patching-of-Oracle-Identity-Manager-Zero-Day-Exploit-After-Evidence-of-Abuses-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/11/24/cisa_oracle_identity_manager/

  • https://www.theregister.com/2025/11/24/cisa_oracle_identity_manager/

  • https://www.msn.com/en-us/news/technology/cisa-orders-feds-to-patch-oracle-identity-manager-zero-day-after-signs-of-abuse/ar-AA1R2DK3


  • Published: Mon Nov 24 06:34:22 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.