
"Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, said it can permit an attacker to access API endpoints that, in turn, can allow them "to manipulate authentication flows, escalate privileges, and move laterally across an organization's core systems." Specifically, it stems from a bypass of a security filter that tricks protected endpoints into being treated as publicly accessible by simply adding "?WSDL" or ";.wadl" to any URI."
"The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities ( KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It was addressed by Oracle as part of its quarterly updates released last month."
CISA added CVE-2025-61757 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog after seeing evidence of active exploitation. The flaw is a missing-authentication-for-critical-function weakness in Oracle Identity Manager that yields pre-authenticated remote code execution; it affects versions 12.2.1.4.0 and 14.1.2.1.0 and was fixed in Oracle's quarterly updates released last month. Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered it, report that an unauthenticated attacker can reach API endpoints that allow manipulating authentication flows, escalating privileges, and moving laterally across an organization's core systems. The root cause is a security-filter allow-list bypass: appending "?WSDL" or ";.wadl" to any URI makes the filter treat the protected endpoint as publicly accessible, because the check keys on the descriptor suffix rather than on the normalized path. According to the researchers, chaining this bypass with a specially crafted POST to a Groovy-related endpoint achieves remote code execution. Affected deployments should apply the Oracle update and review web access logs for requests carrying those suffixes against non-public paths.
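The following is an added example, not code from The Hacker News article, from Searchlight Cyber, or from Oracle. It models the class of bypass described: a filter that classifies a request as a public descriptor lookup by its URI suffix alone, a hardened matcher that normalizes the path (query string and matrix parameters stripped) before consulting the allow-list, and a scanner that flags the "?WSDL" / ";.wadl" pattern in access logs. The paths, the allow-list, and the log lines are constructed for illustration and are not Oracle Identity Manager endpoints or real traffic.

```python
"""
Added example (hypothetical): suffix-based allow-list bypass, a hardened
path matcher, and a log scanner for bypass attempts. Nothing here is
Oracle's code; endpoint paths, allow-list and log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# Hypothetical allow-list of paths that are legitimately public.
PUBLIC_PATHS = {"/app/public/login", "/app/public/health"}


def naive_is_public(request_uri: str) -> bool:
    """Weak filter (constructed to show the flaw): any URI that *looks* like
    a WSDL/WADL descriptor request is treated as public, by suffix alone.
    Appending "?WSDL" or ";.wadl" to a protected URI therefore skips auth."""
    upper = request_uri.upper()
    if upper.endswith("?WSDL") or upper.endswith(".WADL"):
        return True
    return request_uri in PUBLIC_PATHS


def normalize_path(request_uri: str) -> str:
    """Strip the query string and any matrix parameters (';...') from every
    path segment, and collapse duplicate slashes, so the allow-list is
    compared against the resource actually being addressed."""
    path = urlsplit(request_uri).path
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    path = "/".join(segments)
    return re.sub(r"/{2,}", "/", path) or "/"


def hardened_is_public(request_uri: str) -> bool:
    """Decide on the normalized path only; descriptor suffixes carry no weight."""
    return normalize_path(request_uri) in PUBLIC_PATHS


# Constructed access-log lines in a common-log-like shape (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [21/Nov/2025:10:00:01 +0000] "GET /app/public/login HTTP/1.1" 200 512
203.0.113.10 - - [21/Nov/2025:10:00:02 +0000] "GET /app/protected/config?WSDL HTTP/1.1" 200 1024
203.0.113.10 - - [21/Nov/2025:10:00:03 +0000] "POST /app/protected/config;.wadl HTTP/1.1" 200 2048
198.51.100.7 - - [21/Nov/2025:10:00:04 +0000] "GET /app/public/health HTTP/1.1" 200 16
198.51.100.7 - - [21/Nov/2025:10:00:05 +0000] "GET /app/public/login?WSDL HTTP/1.1" 200 700
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) ')
# "?WSDL" at the end of the URI, or ";.wadl" ending a segment.
BYPASS_RE = re.compile(r"(\?WSDL$|;\.wadl(?:[/?]|$))", re.IGNORECASE)


def find_bypass_attempts(log_text: str) -> list:
    """Return (ip, method, normalized_path) for requests whose URI carries a
    bypass suffix while the normalized path is NOT on the public allow-list.
    A descriptor suffix on a genuinely public path is not flagged."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        uri = m.group("uri")
        if BYPASS_RE.search(uri) and not hardened_is_public(uri):
            hits.append((m.group("ip"), m.group("method"), normalize_path(uri)))
    return hits


if __name__ == "__main__":
    for uri in ("/app/protected/config?WSDL", "/app/protected/config;.wadl"):
        print(uri, "naive:", naive_is_public(uri), "hardened:", hardened_is_public(uri))
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print("bypass attempt:", hit)
```

The design point is that authorization decisions must be made on a canonical path computed before any allow-list comparison, never on raw request-string suffixes; in a real filter chain the normalization step has to run ahead of every component that consults the allow-list, or the components will disagree about which resource is being requested. When triaging logs on an affected deployment, substitute the product's actual public descriptor endpoints for the constructed allow-list and treat any suffix-carrying request to a non-public path as worth investigating.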
Read at The Hacker News