Latest Oracle Identity Manager vulnerability: CVE-2025-61757 #
Oracle has disclosed a vulnerability in certain versions of its Identity Manager product, part of the Oracle Fusion Middleware suite, that, when exploited, may allow a remote, unauthenticated adversary to achieve arbitrary remote code execution (RCE). This vulnerability has been designated CVE-2025-61757 and has been rated critical with a CVSS score of 9.8.
The following versions are affected:
- Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0
What is Oracle Identity Manager? #
Oracle Identity Manager is a complete security platform that manages user lifecycles and provides secure access to enterprise resources. It automates user management across cloud and on-premises systems and enables secure sign-on with features like multi-factor authentication.
What is the impact? #
Successful exploitation of this vulnerability would allow an adversary to execute arbitrary commands on the vulnerable host, potentially leading to complete system compromise.
Are updates or workarounds available? #
Users are encouraged to upgrade affected versions of Oracle Identity Manager to the latest patched version as quickly as possible.
How to find potentially vulnerable systems with runZero #
From the Software Inventory, use the following query to locate potentially impacted assets:
vendor:="Oracle" product:="Identity Manager"