Active Exploitation of Critical Vulnerability in Oracle Identity Manager
24 November 2025
Oracle has released security updates to address a critical vulnerability in their Oracle Identity Manager.
Background
Oracle has released security updates to address a critical vulnerability (CVE-2025-61757) in their Oracle Identity Manager. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.
Impact
Successful exploitation of the authentication bypass vulnerability could allow a remote unauthenticated attacker to execute arbitrary code, escalate privileges, and move laterally across an organisation's core systems.
Known Exploitation
This vulnerability is reportedly being exploited in the wild.
Affected Products
Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0.
Mitigation
Users and administrators of affected products are advised to update to the latest version immediately.
Indicators of Compromise
Possible indicators of compromise to support immediate detection, hunting, and containment:
89.238.132[.]76
185.245.82[.]81
138.199.29[.]153
HTTP POST requests to the following endpoint may also be indicative of attempted exploitation:
/iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl
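The following hunting script is an added example, not part of the original advisory or of any Oracle tooling. It checks web access logs against the indicators listed above, and assumes the logs are in Common/Combined Log Format with the client IP as the first field; the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Indicators copied from the advisory; the IPs are defanged on the page.
IOC_IPS_DEFANGED = ["89.238.132[.]76", "185.245.82[.]81", "138.199.29[.]153"]
IOC_PATH = ("/iam/governance/applicationmanagement/api/v1/"
            "applications/groovyscriptstatus;.wadl")
IOC_IPS = {ip.replace("[.]", ".") for ip in IOC_IPS_DEFANGED}

# Assumption: Common/Combined Log Format, client IP first, request line quoted.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3})')

def normalise_path(target):
    """Drop the query string, percent-decode and lower-case the path.
    Lower-casing deliberately over-matches; this is a hunt, not a block rule."""
    return unquote(target.split("?", 1)[0]).lower()

def hunt(lines):
    """Return (line_number, reasons, status) for each line matching an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        reasons = []
        if m["ip"] in IOC_IPS:
            reasons.append("ioc_ip")
        if m["method"] == "POST" and normalise_path(m["target"]) == IOC_PATH:
            reasons.append("ioc_endpoint_post")
        if reasons:
            hits.append((n, reasons, int(m["status"])))
    return hits

# Constructed sample lines (not real traffic); 192.0.2.x and 198.51.100.x are
# documentation addresses, and /health is a made-up path.
TS = "[24/Nov/2025:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /health HTTP/1.1" 200 512',
    f'89.238.132.76 - - {TS} "GET /health HTTP/1.1" 302 0',
    f'198.51.100.7 - - {TS} "POST {IOC_PATH} HTTP/1.1" 200 120',
    f'185.245.82.81 - - {TS} "POST {IOC_PATH.replace(";", "%3B")}?x=1 HTTP/1.1" 200 88',
    f'192.0.2.10 - - {TS} "GET {IOC_PATH} HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for line_no, reasons, status in hunt(SAMPLE):
        print(f"line {line_no}: {', '.join(reasons)} (HTTP {status})")
```

A hit on the endpoint with a 2xx status warrants closer review than one answered with an error, and a hit on an IP alone only shows contact from a listed address.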
References
https://nvd.nist.gov/vuln/detail/CVE-2025-61757
https://www.oracle.com/security-alerts/cpuoct2025.html
https://isc.sans.edu/diary/32506
https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html
