Ethical Hacking News
A critical flaw in Oracle Fusion Middleware has been added to the CISA KEV catalog, highlighting the importance of timely patching and vulnerability management. The identified flaw, tracked as CVE-2025-61757, is rated at a CVSS score of 9.8 and can result in pre-authenticated remote code execution. Organizations are advised to review the CISA KEV catalog and address any identified vulnerabilities in their infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) catalog. The identified flaw, CVE-2025-61757, is rated at a CVSS score of 9.8, indicating severe consequences for an attacker who exploits it. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0 of Oracle Fusion Middleware and can result in pre-authenticated remote code execution. Oracle has released a Critical Patch Update Advisory to address the vulnerability, but multiple attempts were detected using honeypot logs just weeks before the patch was released. The discovery highlights the importance of regularly reviewing the CISA KEV catalog and addressing identified vulnerabilities in infrastructure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of timely patching and vulnerability management in cloud-based systems.
The identified flaw, tracked as CVE-2025-61757, is rated at a CVSS score of 9.8, indicating that it has severe consequences for an attacker who exploits it. The vulnerability is related to missing authentication for a critical function in the Identity Manager product, which can result in pre-authenticated remote code execution. This means that an unauthenticated attacker with HTTP network access can compromise the Identity Manager system and gain full control over it.
The impact of this flaw is significant, as it affects versions 12.2.1.4.0 and 14.1.2.1.0 of Oracle Fusion Middleware. Fortunately, Oracle has released a Critical Patch Update Advisory in October 2025 to address the vulnerability. However, the fact that an analysis of honeypot logs revealed multiple HTTP POST attempts targeting the Oracle Identity Manager endpoint associated with CVE-2025-61757 just weeks before the patch was released highlights the potential for widespread exploitation.
SANS researcher Johannes B. Ullrich recently reported on his organization's honeypot logs, which showed that the scans originated from different IPs but used the same user agent, suggesting a single attacker. The 556-byte POST payloads indicated likely exploitation of the vulnerability as a zero-day. The attempts came from IP addresses such as 89.238.132[.]76, 185.245.82[.]81, and 138.199.29[.]153.
The discovery of this flaw in Oracle Fusion Middleware serves as a reminder for organizations to regularly review the CISA KEV catalog and address identified vulnerabilities in their infrastructure. The U.S. government's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities requires federal agencies to fix such vulnerabilities by December 12, 2025.
In light of this development, experts recommend that private organizations review the CISA KEV catalog and address any identified vulnerabilities in their systems. Timely patching and vulnerability management are crucial in preventing attacks that could result in significant data breaches or system compromise.
The Oracle Fusion Middleware flaw is just one example of the many critical vulnerabilities that are being addressed by various agencies around the world. As the threat landscape continues to evolve, it is essential for organizations to stay informed about the latest vulnerabilities and take proactive steps to protect their systems from potential attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Oracle-Fusion-Middleware-Flaw-A-Critical-Vulnerability-in-the-Cloud-ehn.shtml
https://securityaffairs.com/184935/security/u-s-cisa-adds-an-oracle-fusion-middleware-flaw-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2025-61757
https://www.cvedetails.com/cve/CVE-2025-61757/
Published: Sat Nov 22 06:20:42 2025 by llama3.2 3B Q4_K_M
