CVE-2025-61757 — AI Deep Analysis Summary

🚨 **Essence**: A critical pre-auth RCE in Oracle Identity Manager. 📉 **Consequences**: Attackers can take over the entire Identity Manager system. CVSS Score: **9.8 (Critical)**. It allows full compromise via HTTP.

🔍 **Root Cause**: Missing Authentication for Critical Function (**CWE-306**). 🐛 **Flaw**: The `SecurityFilter` mishandles request URIs.…

🏢 **Vendor**: Oracle Corporation. 📦 **Product**: Oracle Fusion Middleware - Identity Manager. 📅 **Affected Versions**: **12.2.1.4.0** and **14.1.2.1.0**. Specifically the REST WebServices component.

🔓 **Privileges**: Unauthenticated access. 🛠️ **Actions**: Execute arbitrary code via Groovy scripts. 💥 **Impact**: Complete system takeover. 📂 **Data**: Full control over identity management data and server resources.

⚡ **Threshold**: Extremely Low. 🔑 **Auth**: None required (Pre-Auth). 🌐 **Network**: Exploitable via standard HTTP. 🎯 **Complexity**: Low. Just a URL manipulation is enough.

🔥 **Public Exp**: YES. Multiple PoCs exist on GitHub (e.g., `nuclei-templates`, `Blackash-CVE-2025-61757`). 🚀 **Wild Exploitation**: High risk due to easy automation and low barrier to entry.

🛡️ **Self-Check**: Use automated scanners like Nuclei. 🔎 **Detection**: Look for `;.wadl` parameter injection.…

📜 **Official Patch**: Refer to Oracle Advisory (CPU Oct 2025). 🔄 **Action**: Update to the latest patched version immediately. Oracle has acknowledged the issue and released guidance.

🚧 **Workaround**: If patching is delayed, restrict HTTP access to the REST WebServices endpoint. 🛑 **Mitigation**: Block external access to the vulnerable URI pattern or implement WAF rules to filter `;.wadl` injections.

🔴 **Priority**: **CRITICAL / URGENT**. ⏳ **Timeline**: Published Oct 21, 2025. 🚨 **Advice**: Patch immediately.…