TopVuln

High-risk vulnerability digests

CVE-2025-61757

  • CRITICAL
  • KEV

Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability

Details

CVSS v3
9.8
NVD published
2025-10-21 20:20:52
CISA date
2025-11-21
EPSS
88.1% probability · 99.5th percentile — 2026-03-20
Affected versions
cpe:2.3:a:oracle:identity_manager:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:identity_manager:14.1.2.1.0:*:*:*:*:*:*:*
Summary
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
Remediation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploit info
No exploit-tagged NVD references in our cache; see the CISA KEV link below.

View on NVD  ·  CISA KEV catalog

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.