
"Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, have published their own technical teardown of the vulnerability that doesn't mince words about the ease with which criminals can weaponize it. The researchers call exploitation "trivial," describing a single HTTP request that bypasses OIM's normal authentication flow and ultimately gives an attacker remote system-level control. Oracle disclosed the bug in October, but didn't indicate that it was under active exploitation."
"However, analysis from SANS ISC dean Johannes Ullrich suggests attackers may have known about the flaw long before Oracle did. In traffic logs Ullrich reviewed, the telltale OIM exploit URL appeared repeatedly between August 30 and September 9 - weeks before Oracle released a patch on October 21. "This URL was accessed several times between August 30 and September 9 this year, well before Oracle patched the issue," Ullrich wrote. "There are several different IP addresses scanning for it, but they all use the same user agent, which suggests that we may be dealing with a single attacker.""
A critical Oracle Identity Manager vulnerability (CVE-2025-61757) permits unauthenticated network attackers to fully compromise OIM by exploiting missing authentication in Fusion Middleware. Exploitation is trivial: a single HTTP request can bypass OIM's authentication flow and yield remote system-level control. Traffic logs show the exploit URL was accessed repeatedly between August 30 and September 9, prior to Oracle issuing a patch on October 21, indicating likely pre-patch scanning or exploitation. CISA added the flaw to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch by December 12 or face compliance consequences.
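As an added defender-side example (not code from the article, Oracle, or the Searchlight researchers), the following Python retro-hunt applies Ullrich's reasoning above to constructed web-server log lines: it groups requests for an indicator path by user agent, counts distinct source IPs per agent, and flags hits that predate the October 21 patch. The indicator path is a labelled placeholder, since the page does not reproduce the real exploit URL; the log lines are constructed sample data, not real traffic.

```python
import re
from collections import defaultdict
from datetime import date

# PLACEHOLDER: the page does not reproduce the real OIM exploit URL; substitute
# the path from vendor or SANS ISC guidance when running this for real.
INDICATOR_PATH = "/oim/PLACEHOLDER-INDICATOR"
PATCH_DATE = date(2025, 10, 21)  # Oracle patch date cited on the page

# Constructed sample lines in Apache/NCSA combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [30/Aug/2025:03:14:07 +0000] "GET /oim/PLACEHOLDER-INDICATOR HTTP/1.1" 404 231 "-" "Mozilla/5.0 scanner-ua"
198.51.100.9 - - [02/Sep/2025:11:02:44 +0000] "GET /oim/PLACEHOLDER-INDICATOR HTTP/1.1" 404 231 "-" "Mozilla/5.0 scanner-ua"
192.0.2.77 - - [09/Sep/2025:22:51:10 +0000] "GET /oim/PLACEHOLDER-INDICATOR HTTP/1.1" 200 1432 "-" "Mozilla/5.0 scanner-ua"
203.0.113.5 - - [15/Oct/2025:08:00:00 +0000] "GET /identity/faces/home HTTP/1.1" 200 5120 "-" "Mozilla/5.0 browser"
198.51.100.44 - - [25/Oct/2025:09:30:00 +0000] "GET /oim/PLACEHOLDER-INDICATOR HTTP/1.1" 404 231 "-" "curl/8.4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2})/(?P<mon>[A-Za-z]{3})/(?P<year>\d{4}):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], 1)}

def parse_line(line):
    """Parse one combined-format log line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = date(int(m["year"]), MONTHS[m["mon"]], int(m["day"]))
    return {"ip": m["ip"], "date": d, "path": m["path"].split("?")[0],
            "status": int(m["status"]), "ua": m["ua"]}

def hunt(log_text, indicator=INDICATOR_PATH, patch_date=PATCH_DATE):
    """Summarise hits on the indicator path per user agent: distinct IPs,
    hits before the patch date, and hits that returned HTTP 200."""
    by_ua = defaultdict(lambda: {"ips": set(), "pre_patch": 0, "success": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != indicator:
            continue
        entry = by_ua[rec["ua"]]
        entry["ips"].add(rec["ip"])
        if rec["date"] < patch_date:
            entry["pre_patch"] += 1
        if rec["status"] == 200:
            entry["success"] += 1
    return {ua: {"distinct_ips": len(e["ips"]), "pre_patch_hits": e["pre_patch"],
                 "successful_hits": e["success"]} for ua, e in by_ua.items()}

if __name__ == "__main__":
    for ua, summary in hunt(SAMPLE_LOG).items():
        print(ua, summary)
```

A single user agent spread across several source IPs with pre-patch hits is the pattern Ullrich describes; a 200 response on the indicator path warrants incident-response follow-up rather than just patching.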
Read at The Register