CISA is sounding the alarm on CVE-2025-61757, a sneaky pre-authentication remote code execution flaw in Oracle Identity Manager that’s already being exploited by bad actors, possibly as a zero-day vulnerability since late August. This issue lets attackers bypass authentication in the REST APIs by appending a simple suffix such as ?WSDL or ;.wadl to the request URI, granting unauthorized access to Groovy scripts that can then be weaponized to run malicious code during compilation. Discovered by Searchlight Cyber researchers and patched in Oracle’s October updates, this flaw is surprisingly easy to exploit compared to other Oracle vulnerabilities, making it a prime target for cybercriminals. For SMBs and MSPs relying on Oracle tools, this means double-checking your systems for unpatched instances and prioritizing that December 12 deadline for fixes, because ignoring it could leave your network wide open to attacks that disrupt operations or steal data. Meanwhile, keep an eye on unusual traffic patterns, like those shady HTTP POST requests hitting specific endpoints, to stay one step ahead of these digital intruders.
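One way to hunt for the request pattern described above in web or proxy access logs, as an added example that is not part of the original article or any vendor tooling. It assumes combined log format; the addresses and paths in the sample are constructed placeholders, not real Oracle endpoints or indicators.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in combined log format. Addresses, paths and times
# are placeholders invented for this example, not real endpoints or indicators.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:10:00:01 +0000] "POST /placeholder/rest/v1/resource;.wadl HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /placeholder/rest/v1/resource HTTP/1.1" 401 120
198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "POST /placeholder/rest/v1/resource?WSDL HTTP/1.1" 200 498
203.0.113.4 - - [01/Jan/2025:10:01:30 +0000] "POST /placeholder/rest/v1/resource%3B.wadl HTTP/1.1" 200 498
192.0.2.10 - - [01/Jan/2025:10:02:00 +0000] "GET /placeholder/soap/service?wsdl HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2025:10:03:00 +0000] "GET /docs/wadl-guide.html HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def bypass_marker(uri):
    """Return which suffix from the article appears in the URI, or None."""
    decoded = uri
    for _ in range(3):  # undo up to three layers of percent-encoding
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    path, _, query = decoded.partition("?")
    if ";.wadl" in path.lower():
        return ";.wadl"
    if any(p.lower() == "wsdl" for p in query.split("&")):
        return "?WSDL"
    return None

def scan(log_text):
    """Return one finding per request line that carries either suffix."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, uri, status = m.groups()
        marker = bypass_marker(uri)
        if marker:
            findings.append({"ip": ip, "method": method, "uri": uri,
                             "status": int(status), "marker": marker})
    return findings

def post_hits_by_source(findings):
    """Count POSTs that carried a suffix and were not rejected, per source."""
    return Counter(f["ip"] for f in findings
                   if f["method"] == "POST" and f["status"] < 400)
```

Ordinary WSDL fetches against SOAP services also match `?WSDL`, so triage findings by path and by whether the request was authenticated before treating them as exploitation attempts.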