The ‘easily exploitable’ vulnerability impacts the Identity Manager tool within the Oracle enterprise integration platform, according to a disclosure.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed that a critical-severity flaw impacting Oracle’s Fusion Middleware platform has seen exploitation in cyberattacks.
The vulnerability (tracked as CVE-2025-61757) impacts the Identity Manager tool within Oracle Fusion Middleware, a platform that enables application development and provides functionality such as integrations between applications.
[Related: 10 Major Cyberattacks And Data Breaches In 2025 (So Far)]
The flaw was added Friday to CISA’s catalog of vulnerabilities known to have been exploited by threat actors, and has received a severity rating of 9.8 out of 10.0.
Oracle Fusion Middleware “contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager,” CISA wrote in the entry to the catalog, noting that it’s currently unknown whether the flaw has been utilized in ransomware attacks.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA wrote in its advisory, requiring federal agencies to implement fixes for the issue by Dec. 12.
While the order only applies to Federal Civilian Executive Branch agencies, CISA “strongly urges” all impacted organizations to prioritize remediation of exploited vulnerabilities such as this one, the agency said.
The “easily exploitable vulnerability” can be exploited by “an unauthenticated attacker with network access via HTTP to compromise Identity Manager,” an online disclosure about the vulnerability said.
CRN has reached out to Oracle for comment.
