CVE-2025-61757
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
CVSS
—
No CVSS
EPSS
88.3%
p100
KEV
YES
Nov 21, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Oracle / Fusion Middleware
Vulnerability
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
Added to KEV
Nov 21, 2025
Remediate by
Dec 12, 2025
Known ransomware use
No
Summary description
Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757