Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 12, 2025

CVE-2025-61757

High
EPSS 84.2%CISA KEV
Oracle/Fusion Middleware

Description

Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.

EPSS — Exploit Probability

84.2%

Higher than 99.3% of all CVEs

Required Action

https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757

Related Articles (1)

Industry News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.

Mar 21, 2026

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
84.2%
CISA KEV
Yes
Ransomware
Unknown
Articles
1

Timeline

Published

Nov 21, 2025

Added to KEV

Nov 21, 2025

Remediation Due

Dec 12, 2025

Affected Product

Oracle

Fusion Middleware

View all Oracle CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE