• About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us
AimactGrow
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing
No Result
View All Result
AimactGrow
No Result
View All Result

CISA Points Warning as Hackers Goal Oracle Identification Supervisor RCE Flaw

Admin by Admin
November 22, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a brand new Oracle vulnerability to its Recognized Exploited Vulnerabilities (KEV) catalog, warning that attackers are already exploiting it in real-world assaults.

The bug, tracked as CVE-2025-61757, impacts Oracle Identification Supervisor, a part of Oracle Fusion Middleware.

The flaw is rated as a “lacking authentication for vital perform” situation, that means a distant attacker can entry highly effective features within the product with out first logging in.

In observe, this opens the door to full distant code execution and full takeover of the id platform.

Discipline Worth
CVE ID CVE-2025-61757
Vulnerability Sort Lacking Authentication for Essential Operate
Affected Product Oracle Fusion Middleware / Oracle Identification Supervisor
Affected Variations 12c 12.2.1.4.0 and sure others

Pre-auth RCE in extensively used id software program

Many enterprises and authorities companies use Oracle Identification Supervisor (often known as Oracle Identification Governance) to handle consumer accounts, credentials, and entry rights.

As a result of it sits on the heart of id and entry administration, a compromise of this method can rapidly result in domain-wide or cloud-wide compromise.

Safety researchers from Searchlight Cyber’s Assetnote crew found that sure Oracle Identification Supervisor REST APIs may very well be accessed with out correct authentication checks.

By abusing how the product handles URL patterns and filters, an attacker can trick the system into treating protected endpoints as in the event that they had been public.

As soon as previous authentication, the attacker can attain performance that processes Groovy scripts. Though the function is meant solely for syntax checking, the researchers confirmed that it may be abused to run code throughout compilation.

This turns a easy logic flaw into a robust pre-authentication distant code execution (RCE) vulnerability.

The analysis follows an earlier main breach of Oracle Cloud’s login service in January, during which attackers reportedly exploited an older Oracle Entry Supervisor flaw (CVE-2021-35587) to realize RCE and steal thousands and thousands of information.

The brand new bug, CVE-2025-61757, impacts associated id parts and will have been used equally in opposition to Oracle’s personal infrastructure if left unpatched.

CISA notes that the vulnerability is especially regarding as a result of it may be exploited over the community by an unauthenticated attacker.

On condition that many Oracle Identification Supervisor cases are uncovered to the web for consumer entry, the assault floor is critical. CVE-2025-61757 was added to CISA’s KEV catalog on November 21, 2025.

Federal civilian companies are ordered to use Oracle’s fixes, observe Binding Operational Directive (BOD) 22-01 steering for cloud providers, or discontinue use of the product by December 12, 2025.

Organizations operating Oracle Fusion Middleware and Oracle Identification Supervisor ought to urgently deploy the newest Oracle Essential Patch Replace, overview exterior publicity of id providers, and monitor for suspicious entry to administrative APIs and scripting options.

Observe us on Google Information, LinkedIn, and X to Get Prompt Updates and set GBH as a Most popular Supply in Google.

Tags: CISAFlawhackersidentityIssuesManagerOracleRCEtargetWarning
Admin

Admin

Next Post
The Gathering Black Friday Offers Proper Now

The Gathering Black Friday Offers Proper Now

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Black Ops 7’s New Traditional Mode Appears to Repair a Lot of Points Gamers Have With the Recreation

Black Ops 7’s New Traditional Mode Appears to Repair a Lot of Points Gamers Have With the Recreation

June 5, 2026
Synthetic intelligence: Yann LeCun works on extra versatile AI

Synthetic intelligence: Yann LeCun works on extra versatile AI

July 6, 2026

Trending.

Nsfw Chatgpt Options – Examples I’ve Used

Nsfw Chatgpt Options – Examples I’ve Used

October 13, 2025
ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

ModeloRAT and Mistic Backdoor Exercise Linked to Ransomware Preliminary Entry Dealer

June 24, 2026
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Acquire Root Entry

June 25, 2026
Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

Web Information Caps Defined: The right way to Keep away from Overages and Discover Limitless Plans

September 23, 2025
Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

Hijacked npm and Go Packages Use VS Code Duties to Deploy Python Infostealer

June 29, 2026

AimactGrow

Welcome to AimactGrow, your ultimate source for all things technology! Our mission is to provide insightful, up-to-date content on the latest advancements in technology, coding, gaming, digital marketing, SEO, cybersecurity, and artificial intelligence (AI).

Categories

  • AI
  • Coding
  • Cybersecurity
  • Digital marketing
  • Gaming
  • SEO
  • Technology

Recent News

Meta pulls new AI picture characteristic after days of backlash

Meta pulls new AI picture characteristic after days of backlash

July 11, 2026
Son of Rome Had Plans To Be Xbox’s Murderer’s Creed

Son of Rome Had Plans To Be Xbox’s Murderer’s Creed

July 11, 2026
  • About Us
  • Privacy Policy
  • Disclaimer
  • Contact Us

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved

No Result
View All Result
  • Home
  • Technology
  • AI
  • SEO
  • Coding
  • Gaming
  • Cybersecurity
  • Digital marketing

© 2025 https://blog.aimactgrow.com/ - All Rights Reserved