CVE-2025-61757

Overview

Oracle Corporation
Identity Manager

21 Oct 2025

Published

22 Nov 2025

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

71.16%

MITRE

KEV

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

9 Posts
2 Interactions

Last activity: 7 hours ago

Fediverse

TechNadu @technadu

CISA has added CVE-2025-61757 to the KEV catalog, confirming active exploitation against Oracle Identity Manager. The flaw enables unauthenticated RCE via a lightweight URL-based auth bypass.

Searchlight researchers show how adding ?WSDL or ;.wadl can reach protected endpoints, manipulate auth flows, escalate privileges, and pivot through core IAM systems.

Teams running affected versions should patch promptly and monitor for exploitation attempts.
💬 Join the discussion and follow TechNadu for more real-world threat insights.

#Infosec #CISA #Oracle #Vulnerability #IAMSecurity #ZeroDay #ThreatResearch #SecurityOperations #CyberAwareness #PatchNow

0
0
0
14h ago

Offensive Sequence @offseq

🚨 CISA warns of CRITICAL, actively exploited zero-day (CVE-2025-61757) in Oracle Identity Manager. Unauth RCE possible—patch 12.2.1.4.0 & 14.1.2.1.0 now. Watch for API abuse (?WSDL, ;.wadl). More: https://radar.offseq.com/threat/cisa-warns-of-actively-exploited-critical-oracle-i-f247f1c1 #OffSeq #Oracle #IAM #Vuln

0
0
0
7h ago

Cybersecurity & cyberwarfare @cybersecurity

Oracle sotto attacco: scoperta una vulnerabilità RCE pre-auth che compromette interi sistemi

Una vulnerabilità, contrassegnata come CVE-2025-61757, è stata resa pubblica Searchlight Cyber giovedì scorso. I ricercatori dell’azienda hanno individuato il problema e hanno informato Oracle, che ha portato alla sua divulgazione.

Oracle ha corretto CVE-2025-61757 con le patch di ottobre 2025 e ha confermato che si tratta di un problema critico che può essere facilmente sfruttato senza autenticazione.

L’azienda di sicurezza l’ha descritta come una vulnerabilità critica di esecuzione di codice remoto pre-autenticazione in Oracle Identity Manager. L’exploit, che concatena una vulnerabilità di bypass dell’autenticazione e l’esecuzione di codice arbitrario, può consentire a un aggressore di compromettere completamente il sistema.

Searchlight Cyber ha avvertito giovedì che la vulnerabilità può “consentire agli aggressori di manipolare i flussi di autenticazione, aumentare i privilegi e muoversi lateralmente nei sistemi principali di un’organizzazione”, sottolineando che può “portare alla violazione dei server che gestiscono le informazioni personali identificabili (PII) e le credenziali degli utenti”.

“Ci sono diversi IP che stanno scansionando attivamente il bug, ma tutti utilizzano lo stesso user agent, il che suggerisce che potremmo avere a che fare con un singolo aggressore”, ha spiegato Ullrich. “Purtroppo non abbiamo catturato i corpi per queste richieste, ma erano tutte richieste POST”, ha aggiunto.

Il SANS Technology Institute ha utilizzato le informazioni tecniche e il codice PoC resi pubblici da Searchlight giovedì per controllare i propri registri honeypot alla ricerca di segnali di potenziale sfruttamento .

Secondo Johannes Ullrich di SANS, possibili casi di sfruttamento sono stati osservati più volte tra il 30 agosto e il 9 settembre, settimane prima che Oracle rilasciasse una patch.

L’esperto ha affermato che gli stessi indirizzi IP erano stati precedentemente visti mentre scansionavano il web alla ricerca di una vulnerabilità del prodotto Liferay (CVE-2025-4581) e conducevano scansioni che sembrano essere associate a bug bounty.

L'articolo Oracle sotto attacco: scoperta una vulnerabilità RCE pre-auth che compromette interi sistemi proviene da Red Hot Cyber.

0
0
0
22h ago

Bluesky

TechNadu @technadu.com

CISA added a critical Oracle Identity Manager flaw (CVE-2025-61757) to the Known Exploited list after detecting active scanning and attempted attacks. The issue stems from an authentication bypass that can lead to remote code execution using simple URL modifiers like ? #CyberSecurity #Oracle #CISA

0
1
0
14h ago

CyberHub @cyberhub.blog

📌 CISA Adds Critical Oracle Fusion Middleware Vulnerability (CVE-2025-61757) to KEV Catalog Due to Active Exploitation https://www.cyberhub.blog/article/15882-cisa-adds-critical-oracle-fusion-middleware-vulnerability-cve-2025-61757-to-kev-catalog-due-to-active-exploitation

0
1
0
12h ago

Red Hot Cyber @redhotcyber.bsky.social

Oracle sotto attacco: scoperta una vulnerabilità RCE pre-auth che compromette interi sistemi 📌 Link all'articolo : www.redhotcyber.com/post/ora... #redhotcyber #news #cybersecurity #hacking #oracle #identitymanager #cve202561757 #vulnerabilitacritica

0
0
0
22h ago

Eyal Estrin ☁️ @eyalestrin.bsky.social

CISA warns Oracle Identity Manager RCE flaw is being actively exploited (CVE-2025-61757) #patchmanagement

0
0
0
21h ago

CyberVeille @cyberveille-ch.bsky.social

📢 CISA alerte sur une faille exploitée dans Oracle Identity Manager (CVE-2025-61757) 📝 Selon une alerte de la CISA, les agences gouvernementales américaines s… https://cyberveille.ch/posts/2025-11-22-cisa-alerte-sur-une-faille-exploitee-dans-oracle-identity-manager-cve-2025-61757/ #CISA #Cyberveille

0
0
0
15h ago

WarthogTK @warthogtk.bsky.social

Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) slcyber.io/research-cen...

0
0
0
9h ago

CVE-2025-41115

Overview

Grafana
Grafana Enterprise

21 Nov 2025

Published

22 Nov 2025

Updated

CVSS v3.1

CRITICAL (10.0)

EPSS

0.02%

MITRE

KEV

Description

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow to override internal user IDs and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met: - `enableSCIM` feature flag set to true - `user_sync_enabled` config option in the `[auth.scim]` block set to true

Statistics

4 Posts
1 Interaction

Last activity: 8 hours ago

Fediverse

TechNadu @technadu

Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.

Fixes are available in the latest enterprise versions. Immediate updates recommended.

💬 Share your thoughts and follow TechNadu for more technical updates.

#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness

0
0
0
13h ago

Bluesky

TechNadu @technadu.com

Grafana issued patches for CVE-2025-41115, a CVSS 10.0 SCIM flaw allowing impersonation or privilege escalation when certain SCIM settings were enabled. The issue stems from numeric externalId values potentially conflicting with internal user IDs. Updated builds are now available. #TechNews #Infosec

0
1
0
13h ago

CyberVeille @cyberveille-ch.bsky.social

📢 Faille critique dans Grafana Enterprise (CVE-2025-41115) via SCIM permettant l’usurpation d’admin 📝 Source: BleepingComputer — Grafan… https://cyberveille.ch/posts/2025-11-22-faille-critique-dans-grafana-enterprise-cve-2025-41115-via-scim-permettant-lusurpation-dadmin/ #CVE_2025_41115 #Cyberveille

0
0
0
15h ago

UndercodeTesting @undercode.bsky.social

Critical SCIM Flaw in Grafana Enterprise Lets Attackers Hijack Any Account, Including Admins Introduction: A critical vulnerability, CVE-2025-41115, has been identified in Grafana Enterprise's SCIM (System for Cross-domain Identity Management) implementation, carrying a maximum CVSS score of 10.0.…

0
0
0
8h ago

CVE-2025-59501

Overview

Microsoft
Microsoft Configuration Manager

31 Oct 2025

Published

22 Nov 2025

Updated

CVSS v3.1

MEDIUM (4.8)

EPSS

0.21%

MITRE

KEV

Description

Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.

Statistics

2 Posts
3 Interactions

Last activity: 11 hours ago

Bluesky

WarthogTK @warthogtk.bsky.social

SCCM’s AdminService uses Entra tokens without confirming the UPN exists in AD. A crafted synced UPN can let an attacker impersonate the site server. Microsoft now requires on-prem SID matching (CVE-2025-59501). specterops.io/blog/2025/11... github.com/garrettfoste...

1
2
0
11h ago

CyberVeille @cyberveille-ch.bsky.social

📢 Prise de contrôle d’une hiérarchie SCCM via intégration Entra ID (CVE-2025-59501) corrigée par KB35360093 📝 Source: SpecterO… https://cyberveille.ch/posts/2025-11-21-prise-de-controle-dune-hierarchie-sccm-via-integration-entra-id-cve-2025-59501-corrigee-par-kb35360093/ #CVE_2025_59501 #Cyberveille

0
0
0
20h ago

CVE-2025-27093

Overview

BishopFox
sliver

28 Oct 2025

Published

29 Oct 2025

Updated

CVSS v3.1

MEDIUM (6.3)

EPSS

0.03%

MITRE

KEV

Description

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.

Statistics

1 Post
2 Interactions

Last activity: 20 hours ago

Fediverse

DragonJAR @dragonjar

En las últimas 24 horas, la seguridad informática enfrenta una filtración interna crítica en CrowdStrike que pone en riesgo datos sensibles, una vulnerabilidad grave en el framework Sliver C2 que amenaza infraestructuras clave, un aumento en ataques de ransomware con tácticas sofisticadas, y fallos zero-day en Chrome y Cloudflare que afectan la privacidad y el sector criptográfico. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 22/11/25 📆 |====

🔐 ALERTA DE FILTRACIÓN INTERNA EN CROWDSTRIKE

CrowdStrike ha detectado un caso grave de filtración interna en el que un empleado compartió capturas de pantalla de sistemas internos con actores maliciosos no identificados. Este incidente subraya la importancia de monitorear el comportamiento interno para evitar fugas de información sensibles que puedan comprometer la seguridad corporativa. Conocer cómo identificar y mitigar amenazas internas es crucial para proteger datos estratégicos. Descubre todos los detalles sobre esta situación y sus implicaciones para la ciberseguridad empresarial. Conoce más aquí 👉 https://djar.co/lYYL

⚠️ VULNERABILIDAD CRÍTICA EN SLIVER C2 (CVE-2025-27093)

Sliver, un framework potente para comandos y control remoto encubierto, presenta una vulnerabilidad importante en su política de red predeterminada que puede exponer a los sistemas que lo utilizan a ataques de alto impacto. Comprender esta debilidad es esencial para administradores de seguridad que buscan asegurar infraestructuras que dependen de herramientas C2 para pruebas de penetración o actividades de red defensiva. Infórmate sobre cómo puede afectar esta falla y las recomendaciones para proteger tu infraestructura. Más información disponible aquí 👉 https://djar.co/EBkBt

🔒 ACTUALIZACIÓN SOBRE ATAQUES DE RANSOMWARE AL 21 DE NOVIEMBRE DE 2025

Se reporta una nueva oleada de ataques de ransomware con detalles técnicos sobre las técnicas y vulnerabilidades explotadas por los atacantes. Este informe esencial ofrece una visión clara del panorama actual de amenazas, permitiendo a profesionales de seguridad anticipar movimientos, reforzar defensas y desarrollar estrategias de respuesta más efectivas ante este tipo de ciberataques cada vez más sofisticados. Consulta el informe completo y prepárate ante las amenazas más recientes 👉 https://djar.co/gnIE

🌐 ANÁLISIS DE VULNERABILIDADES EN CHROME, CLOUD FLARE Y CRIPTOMONEDAS

Un exhaustivo análisis aborda las recientes vulnerabilidades zero-day en el navegador Chrome, problemas críticos en la infraestructura monocultural de Cloudflare, y un inesperado giro en el sector de criptomonedas que puede impactar la seguridad global. Este artículo es fundamental para entender cómo estas vulnerabilidades afectan la privacidad y seguridad en la red, además de brindar perspectivas para fortalecer sistemas y proteger activos digitales en entornos en constante cambio. Profundiza en estas amenazas y sus implicaciones aquí 👉 https://djar.co/3Yvzq

1
1
0
20h ago

CVE-2025-11001

Overview

7-Zip
7-Zip

19 Nov 2025

Published

21 Nov 2025

Updated

CVSS v3.0

HIGH (7.0)

EPSS

0.31%

MITRE

KEV

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Statistics

2 Posts
1 Interaction

Last activity: 21 hours ago

Fediverse

Günter Born @gborn

AMD-Treiber unter Windows im Einsatz? Prüft, ob ihr von der 7-ZIP-Schwachstelle in den mitgelieferten Dateien betroffen seid.

https://www.borncity.com/blog/2025/11/22/7-zip-schwachstelle-cve-2025-11001-exploits-und-angriffe-amd-nutzer-muessen-handeln/

1
0
1
21h ago

CVE-2025-59272

Overview

Microsoft
Microsoft 365 Copilot's Business Chat

09 Oct 2025

Published

22 Nov 2025

Updated

CVSS v3.1

CRITICAL (9.3)

EPSS

0.08%

MITRE

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

Statistics

1 Post
1 Interaction

Last activity: 21 hours ago

Bluesky

SecQube | Harvey | AI Platform for MS Graph @secqube.com

CVE-2025-59272 Copilot Spoofing Vulnerability scq.ms/4purJrY #SecQube #cybersecurity

0
1
0
21h ago

CVE-2025-59286

Overview

Microsoft
Microsoft 365 Copilot's Business Chat

09 Oct 2025

Published

22 Nov 2025

Updated

CVSS v3.1

CRITICAL (9.3)

EPSS

0.08%

MITRE

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

Statistics

1 Post

Last activity: 4 hours ago

Bluesky

SecQube | Harvey | AI Platform for MS Graph @secqube.com

CVE-2025-59286 Copilot Spoofing Vulnerability scq.ms/3LWLY2L #SecQube #cybersecurity

0
0
0
4h ago

CVE-2025-13384

Overview

codepeople
CP Contact Form with PayPal

22 Nov 2025

Published

22 Nov 2025

Updated

CVSS v3.1

HIGH (7.5)

EPSS

0.09%

MITRE

KEV

Description

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes payment confirmations without any authentication, nonce verification, or PayPal IPN signature validation. This makes it possible for unauthenticated attackers to mark form submissions as paid without making actual payments by sending forged payment notification requests with arbitrary POST data (payment_status, txn_id, payer_email).

Statistics

1 Post

Last activity: 22 hours ago

Fediverse

Offensive Sequence @offseq

🔴 CVE-2025-13384 (HIGH): CP Contact Form with PayPal for WordPress exposes an unauthenticated endpoint, letting attackers forge payment confirmations. All versions up to 1.3.56 affected. Disable or block endpoint now! https://radar.offseq.com/threat/cve-2025-13384-cwe-862-missing-authorization-in-co-a8aeb71d #OffSeq #WordPress #Vuln

0
0
0
22h ago

CVE-2025-58034

Overview

Fortinet
FortiWeb

18 Nov 2025

Published

21 Nov 2025

Updated

CVSS v3.1

MEDIUM (6.7)

EPSS

2.69%

MITRE

KEV

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Statistics

1 Post

Last activity: 18 hours ago

Bluesky

r/blueteamsec bot @r-blueteamsec.bsky.social

Fortinet published an advisory for CVE-2025-58034. it is an authenticated command injection vulnerability affecting FortiWeb. Fortinet and CISA have indicated that it has been exploited in-the-wild

0
0
0
18h ago

CVE-2024-30045

Overview

Microsoft
.NET 8.0

14 May 2024

Published

03 May 2025

Updated

CVSS v3.1

MEDIUM (6.3)

EPSS

0.29%

MITRE

KEV

Description

.NET and Visual Studio Remote Code Execution Vulnerability

Statistics

1 Post

Last activity: 19 hours ago

Bluesky

ferramentaslinux.bsky.social @ferramentaslinux.bsky.social

🚨 CRITICAL: Fedora 39 #dotnet7.0 update patches RCE vulnerability (CVE-2024-30045). System.Drawing.Common flaw allows remote code execution via a malicious image. Read more: 👉 tinyurl.com/4pc39pp9

0
0
0
19h ago