
CISA Adds Critical Oracle Fusion Middleware Vulnerability (CVE-2025-61757) to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-61757, a critical vulnerability in Oracle Fusion Middleware with a CVSS score of 9.8, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is a lack of authentication for a critical function, which could allow unauthenticated users to reach that function and exploit the system. Inclusion in the KEV catalog indicates that the vulnerability is being actively exploited in the wild.
Oracle Fusion Middleware is a suite of software products that provides middleware services for applications, facilitating communication and data management between the operating system and applications. The high CVSS score of 9.8 underscores the severity of this vulnerability, which could lead to unauthorized data access, manipulation, or complete system compromise.
The active exploitation of this vulnerability highlights its significance in the current cybersecurity landscape. Organizations using Oracle Fusion Middleware are urged to apply patches or mitigations immediately to prevent potential breaches. Because a critical function lacks authentication, attackers could reach it without credentials and bypass security measures, making this a high-priority issue for cybersecurity professionals.
From a technical perspective, this vulnerability could lead to privilege escalation or unauthorized access, depending on the function's role within the middleware. Organizations should focus not only on patching but also on enhancing their monitoring and detection capabilities to identify any potential exploitation attempts.
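One way to turn a KEV listing into a patch queue is to cross-reference open scanner findings against the catalog and sort by remediation due date. The following is an added example, not part of the original article. The field names follow CISA's KEV JSON feed, while every date, the second CVE id, the hostnames and the helper names are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. Only the first cveID,
# vendorProject and product come from the article; every date and the second
# entry are placeholders, not real catalog values.
SAMPLE_KEV = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-61757", "vendorProject": "Oracle",
   "product": "Fusion Middleware", "dateAdded": "2000-01-01", "dueDate": "2000-01-22"},
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dateAdded": "2000-01-05", "dueDate": "2000-01-26"}
]}
""")

# Constructed scanner output; hostnames are hypothetical.
SCAN_FINDINGS = [
    {"host": "fmw-prod-01", "cve": "CVE-2025-61757"},
    {"host": "fmw-test-01", "cve": " cve-2025-61757"},  # messy casing/whitespace
    {"host": "web-01", "cve": "CVE-0000-0002"},         # not KEV-listed
    {"host": "db-01", "cve": "CVE-0000-0001"},
]


def norm(cve):
    """Normalise a CVE id so scanner and catalog spellings compare equal."""
    return cve.strip().upper()


def kev_priorities(kev, findings, today):
    """Return findings whose CVE is KEV-listed, earliest due date first."""
    catalog = {norm(v["cveID"]): v for v in kev.get("vulnerabilities", [])}
    hits = []
    for f in findings:
        entry = catalog.get(norm(f["cve"]))
        if entry is None:
            continue  # not known-exploited: handle in the normal patch cycle
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "host": f["host"],
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due,
            "days_left": (due - today).days,  # negative means overdue
        })
    return sorted(hits, key=lambda h: (h["due"], h["host"]))
```

In use, `kev` would be the parsed KEV JSON feed published by CISA and `today` would be `date.today()`; a negative `days_left` marks a host that is past the catalog's due date.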
In conclusion, the addition of CVE-2025-61757 to CISA's KEV catalog underscores the urgency for organizations to address this vulnerability. The active exploitation and high severity score make it a critical issue that requires immediate attention. Cybersecurity professionals should prioritize patching and monitoring to mitigate the risks associated with this vulnerability.