
Overview

  • Oracle Corporation
  • Identity Manager

Published: 21 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.8)
EPSS: 71.16%

Description

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 9 Posts
  • 2 Interactions

Last activity: 7 hours ago

Fediverse


CISA has added CVE-2025-61757 to the KEV catalog, confirming active exploitation against Oracle Identity Manager. The flaw enables unauthenticated RCE via a lightweight URL-based auth bypass.

Searchlight researchers show how adding ?WSDL or ;.wadl can reach protected endpoints, manipulate auth flows, escalate privileges, and pivot through core IAM systems.

Teams running affected versions should patch promptly and monitor for exploitation attempts.
💬 Join the discussion and follow TechNadu for more real-world threat insights.

  • 0
  • 0
  • 0
  • 14h ago

🚨 CISA warns of CRITICAL, actively exploited zero-day (CVE-2025-61757) in Oracle Identity Manager. Unauth RCE possible—patch 12.2.1.4.0 & 14.1.2.1.0 now. Watch for API abuse (?WSDL, ;.wadl). More: radar.offseq.com/threat/cisa-w

  • 0
  • 0
  • 0
  • 7h ago

Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems

A vulnerability, tracked as CVE-2025-61757, was made public by Searchlight Cyber last Thursday. The company's researchers identified the issue and informed Oracle, which led to its disclosure.

Oracle fixed CVE-2025-61757 with the October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication.

The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager. The exploit, which chains an authentication bypass vulnerability with arbitrary code execution, can allow an attacker to completely compromise the system.

Searchlight Cyber warned on Thursday that the vulnerability can “allow attackers to manipulate authentication flows, escalate privileges and move laterally through an organization's core systems”, stressing that it can “lead to the breach of servers that handle personally identifiable information (PII) and user credentials”.

“There are several IPs actively scanning for the bug, but they all use the same user agent, which suggests we may be dealing with a single attacker”, Ullrich explained. “Unfortunately we did not capture the bodies of these requests, but they were all POST requests”, he added.

The SANS Technology Institute used the technical information and PoC code made public by Searchlight on Thursday to check its own honeypot logs for signs of potential exploitation.

According to Johannes Ullrich of SANS, possible instances of exploitation were observed several times between August 30 and September 9, weeks before Oracle released a patch.

The expert stated that the same IP addresses had previously been seen scanning the web for a vulnerability in the Liferay product (CVE-2025-4581) and conducting scans that appear to be associated with bug bounty activity.

The article Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems originally appeared on Red Hot Cyber.

  • 0
  • 0
  • 0
  • 22h ago

Bluesky

CISA added a critical Oracle Identity Manager flaw (CVE-2025-61757) to the Known Exploited list after detecting active scanning and attempted attacks. The issue stems from an authentication bypass that can lead to remote code execution using simple URL modifiers like ? #CyberSecurity #Oracle #CISA
  • 0
  • 1
  • 0
  • 14h ago
📌 CISA Adds Critical Oracle Fusion Middleware Vulnerability (CVE-2025-61757) to KEV Catalog Due to Active Exploitation https://www.cyberhub.blog/article/15882-cisa-adds-critical-oracle-fusion-middleware-vulnerability-cve-2025-61757-to-kev-catalog-due-to-active-exploitation
  • 0
  • 1
  • 0
  • 12h ago
Oracle under attack: pre-auth RCE vulnerability discovered that compromises entire systems 📌 Link to the article: www.redhotcyber.com/post/ora... #redhotcyber #news #cybersecurity #hacking #oracle #identitymanager #cve202561757 #vulnerabilitacritica
  • 0
  • 0
  • 0
  • 22h ago
CISA warns Oracle Identity Manager RCE flaw is being actively exploited (CVE-2025-61757) #patchmanagement
  • 0
  • 0
  • 0
  • 21h ago
📢 CISA warns of an exploited flaw in Oracle Identity Manager (CVE-2025-61757) 📝 According to a CISA alert, US government agencies … https://cyberveille.ch/posts/2025-11-22-cisa-alerte-sur-une-faille-exploitee-dans-oracle-identity-manager-cve-2025-61757/ #CISA #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago
Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) slcyber.io/research-cen...
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • Grafana
  • Grafana Enterprise

Published: 21 Nov 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (10.0)
EPSS: 0.02%

KEV

Description

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user identity handling allows a malicious or compromised SCIM client to provision a user with a numeric externalId, which in turn could allow internal user IDs to be overridden and lead to impersonation or privilege escalation. This vulnerability applies only if all of the following conditions are met:

  • `enableSCIM` feature flag set to true
  • `user_sync_enabled` config option in the `[auth.scim]` block set to true

Statistics

  • 4 Posts
  • 1 Interaction

Last activity: 8 hours ago

Fediverse


Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.

Fixes are available in the latest enterprise versions. Immediate updates recommended.

💬 Share your thoughts and follow TechNadu for more technical updates.

  • 0
  • 0
  • 0
  • 13h ago

Bluesky

Grafana issued patches for CVE-2025-41115, a CVSS 10.0 SCIM flaw allowing impersonation or privilege escalation when certain SCIM settings were enabled. The issue stems from numeric externalId values potentially conflicting with internal user IDs. Updated builds are now available. #TechNews #Infosec
  • 0
  • 1
  • 0
  • 13h ago
📢 Critical flaw in Grafana Enterprise (CVE-2025-41115) via SCIM allowing admin impersonation 📝 Source: BleepingComputer — Grafan… https://cyberveille.ch/posts/2025-11-22-faille-critique-dans-grafana-enterprise-cve-2025-41115-via-scim-permettant-lusurpation-dadmin/ #CVE_2025_41115 #Cyberveille
  • 0
  • 0
  • 0
  • 15h ago
Critical SCIM Flaw in Grafana Enterprise Lets Attackers Hijack Any Account, Including Admins Introduction: A critical vulnerability, CVE-2025-41115, has been identified in Grafana Enterprise's SCIM (System for Cross-domain Identity Management) implementation, carrying a maximum CVSS score of 10.0.…
  • 0
  • 0
  • 0
  • 8h ago

Overview

  • Microsoft
  • Microsoft Configuration Manager

Published: 31 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: MEDIUM (4.8)
EPSS: 0.21%

KEV

Description

Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.

Statistics

  • 2 Posts
  • 3 Interactions

Last activity: 11 hours ago

Bluesky

SCCM’s AdminService uses Entra tokens without confirming the UPN exists in AD. A crafted synced UPN can let an attacker impersonate the site server. Microsoft now requires on-prem SID matching (CVE-2025-59501). specterops.io/blog/2025/11... github.com/garrettfoste...
  • 1
  • 2
  • 0
  • 11h ago
📢 Takeover of an SCCM hierarchy via Entra ID integration (CVE-2025-59501), fixed by KB35360093 📝 Source: SpecterO… https://cyberveille.ch/posts/2025-11-21-prise-de-controle-dune-hierarchie-sccm-via-integration-entra-id-cve-2025-59501-corrigee-par-kb35360093/ #CVE_2025_59501 #Cyberveille
  • 0
  • 0
  • 0
  • 20h ago

Overview

  • BishopFox
  • sliver

Published: 28 Oct 2025
Updated: 29 Oct 2025

CVSS v3.1: MEDIUM (6.3)
EPSS: 0.03%

KEV

Description

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially enabling leaked or recovered keypairs to be used to attack operators or allowing port forwardings to be accessible from other implants.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 20 hours ago

Fediverse


In the last 24 hours, the information security world is facing a critical insider leak at CrowdStrike that puts sensitive data at risk, a serious vulnerability in the Sliver C2 framework that threatens key infrastructure, a rise in ransomware attacks using sophisticated tactics, and zero-day flaws in Chrome and Cloudflare that affect privacy and the cryptocurrency sector. Find these and more details in the following list of information security news:

🗞️ LATEST INFORMATION SECURITY NEWS 🔒
====| 🔥 WHAT YOU NEED TO KNOW TODAY 22/11/25 📆 |====

🔐 INSIDER LEAK ALERT AT CROWDSTRIKE

CrowdStrike has detected a serious case of insider leakage in which an employee shared screenshots of internal systems with unidentified malicious actors. This incident underscores the importance of monitoring insider behavior to prevent leaks of sensitive information that could compromise corporate security. Knowing how to identify and mitigate insider threats is crucial to protecting strategic data. Find out all the details about this situation and its implications for enterprise cybersecurity. Learn more here 👉 djar.co/lYYL

⚠️ CRITICAL VULNERABILITY IN SLIVER C2 (CVE-2025-27093)

Sliver, a powerful framework for covert remote command and control, has a significant vulnerability in its default network policy that can expose the systems using it to high-impact attacks. Understanding this weakness is essential for security administrators seeking to secure infrastructure that relies on C2 tools for penetration testing or defensive network activities. Learn how this flaw can affect you and the recommendations for protecting your infrastructure. More information available here 👉 djar.co/EBkBt

🔒 RANSOMWARE ATTACK UPDATE AS OF NOVEMBER 21, 2025

A new wave of ransomware attacks is reported, with technical details on the techniques and vulnerabilities exploited by the attackers. This essential report offers a clear view of the current threat landscape, allowing security professionals to anticipate moves, strengthen defenses and develop more effective response strategies against these increasingly sophisticated cyberattacks. Read the full report and prepare for the latest threats 👉 djar.co/gnIE

🌐 ANALYSIS OF VULNERABILITIES IN CHROME, CLOUDFLARE AND CRYPTOCURRENCIES

A comprehensive analysis addresses the recent zero-day vulnerabilities in the Chrome browser, critical problems in Cloudflare's monoculture infrastructure, and an unexpected twist in the cryptocurrency sector that may impact global security. This article is essential for understanding how these vulnerabilities affect privacy and security on the network, as well as offering perspectives for strengthening systems and protecting digital assets in constantly changing environments. Dive deeper into these threats and their implications here 👉 djar.co/3Yvzq

  • 1
  • 1
  • 0
  • 20h ago

Overview

  • 7-Zip
  • 7-Zip

Published: 19 Nov 2025
Updated: 21 Nov 2025

CVSS v3.0: HIGH (7.0)
EPSS: 0.31%

KEV

Description

7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. Was ZDI-CAN-26753.

Statistics

  • 2 Posts
  • 1 Interaction

Last activity: 21 hours ago

Fediverse


Using AMD drivers on Windows? Check whether you are affected by the 7-Zip vulnerability in the bundled files.

borncity.com/blog/2025/11/22/7

  • 1
  • 0
  • 1
  • 21h ago

Overview

  • Microsoft
  • Microsoft 365 Copilot's Business Chat

Published: 09 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.3)
EPSS: 0.08%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Bluesky

CVE-2025-59272 Copilot Spoofing Vulnerability scq.ms/4purJrY #SecQube #cybersecurity
  • 0
  • 1
  • 0
  • 21h ago

Overview

  • Microsoft
  • Microsoft 365 Copilot's Business Chat

Published: 09 Oct 2025
Updated: 22 Nov 2025

CVSS v3.1: CRITICAL (9.3)
EPSS: 0.08%

KEV

Description

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.

Statistics

  • 1 Post

Last activity: 4 hours ago

Bluesky

CVE-2025-59286 Copilot Spoofing Vulnerability scq.ms/3LWLY2L #SecQube #cybersecurity
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • codepeople
  • CP Contact Form with PayPal

Published: 22 Nov 2025
Updated: 22 Nov 2025

CVSS v3.1: HIGH (7.5)
EPSS: 0.09%

KEV

Description

The CP Contact Form with PayPal plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.56. This is due to the plugin exposing an unauthenticated IPN-like endpoint (via the 'cp_contactformpp_ipncheck' query parameter) that processes payment confirmations without any authentication, nonce verification, or PayPal IPN signature validation. This makes it possible for unauthenticated attackers to mark form submissions as paid without making actual payments by sending forged payment notification requests with arbitrary POST data (payment_status, txn_id, payer_email).

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse


🔴 CVE-2025-13384 (HIGH): CP Contact Form with PayPal for WordPress exposes an unauthenticated endpoint, letting attackers forge payment confirmations. All versions up to 1.3.56 affected. Disable or block endpoint now! radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Fortinet
  • FortiWeb

Published: 18 Nov 2025
Updated: 21 Nov 2025

CVSS v3.1: MEDIUM (6.7)
EPSS: 2.69%

Description

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.

Statistics

  • 1 Post

Last activity: 18 hours ago

Bluesky

Fortinet published an advisory for CVE-2025-58034. It is an authenticated command injection vulnerability affecting FortiWeb. Fortinet and CISA have indicated that it has been exploited in the wild.
  • 0
  • 0
  • 0
  • 18h ago

Overview

  • Microsoft
  • .NET 8.0

Published: 14 May 2024
Updated: 03 May 2025

CVSS v3.1: MEDIUM (6.3)
EPSS: 0.29%

KEV

Description

.NET and Visual Studio Remote Code Execution Vulnerability

Statistics

  • 1 Post

Last activity: 19 hours ago

Bluesky

🚨 CRITICAL: Fedora 39 #dotnet7.0 update patches RCE vulnerability (CVE-2024-30045). System.Drawing.Common flaw allows remote code execution via a malicious image. Read more: 👉 tinyurl.com/4pc39pp9
  • 0
  • 0
  • 0
  • 19h ago