Oracle Identity Manager Authentication Bypass (CVE-2025-61757)
Description
Oracle Identity Manager (affected versions 12.2.1.4.0 and 14.1.2.1.0) contains a critical authentication bypass vulnerability (CVE-2025-61757, CVSS 9.8) in its REST WebServices component. An unauthenticated remote attacker with HTTP access to the component can reach administrative REST endpoints without presenting valid credentials. Because Identity Manager is the system of record for identities, access policies and connector credentials, a successful bypass amounts to full administrative control of the instance and can be used to create or elevate accounts, alter access policies, and pivot into the enterprise systems that Identity Manager provisions.
Remediation
1. Immediately apply the fix from the Oracle Critical Patch Update (CPU) for October 2025, available at https://www.oracle.com/security-alerts/cpuoct2025.html, to every affected Identity Manager instance, including non-production ones that share credentials or network reachability with production.
2. Review the Identity Manager and WebLogic access logs for requests to REST WebServices endpoints that were answered with a success status but carry no authenticated principal, for requests to those endpoints from source addresses outside the expected administrative networks, and for administrative actions (user creation, role or policy changes) that no administrator can account for.
3. If patching cannot be performed immediately, restrict network access to the REST WebServices endpoints as a temporary mitigation: use firewall rules or web application firewall (WAF) policies to allow only trusted source addresses, and confirm the endpoints are not reachable from the internet. This reduces exposure but does not remove the flaw; the patch is still required.
4. After patching, rotate all administrative credentials, and treat as exposed any credentials Identity Manager stores for connected target systems, since an attacker with administrative control of the instance could have read or used them.
5. Verify the integrity of existing identity configurations and access policies against a known-good baseline, and review user accounts, role assignments and entitlements for unauthorized modifications made before remediation.
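The following is an added example, not an Oracle tool or anything from the advisory, that implements the log review in step 2 and the source allow-list in step 3 against a handful of constructed access log lines. It assumes (hypothetically) that the access log is in NCSA common log format with the authenticated principal in the third field, that the REST WebServices are served under the path prefixes in `REST_PREFIXES`, and that the trusted administrative networks are those in `TRUSTED_NETWORKS`; adjust all three to the real deployment before running it against production logs.

```python
"""Triage helper for OIM REST WebServices access logs.

Example code added to this page; it is not part of Oracle Identity Manager.
All paths, networks and log lines below are constructed for illustration.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# Hypothetical REST WebServices path prefixes; confirm against your deployment.
REST_PREFIXES = ("/iam/governance/", "/OIMAdmin/api/")

# Hypothetical trusted administrative networks for the interim allow-list.
TRUSTED_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.50.0/24"),
)

# NCSA common log format: client ident authuser [time] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: one normal admin call, an untrusted host probing the REST
# API, then the same host getting a 2xx with no principal (the bypass signature),
# a non-REST request, and a malformed line the parser must skip.
SAMPLE_LOG = """\
10.1.2.3 - oimadmin [20/Oct/2025:10:01:12 +0000] "GET /iam/governance/selfservice/api/v1/users HTTP/1.1" 200 5120
203.0.113.45 - - [20/Oct/2025:10:02:40 +0000] "GET /iam/governance/selfservice/api/v1/users HTTP/1.1" 401 0
203.0.113.45 - - [20/Oct/2025:10:02:41 +0000] "POST /iam/governance/selfservice/api/v1/users HTTP/1.1" 201 310
10.1.2.3 - - [20/Oct/2025:10:03:00 +0000] "GET /identity/faces/home HTTP/1.1" 200 8800
this line is not an access log record
"""


def parse_line(line: str) -> Optional[Dict]:
    """Parse one access log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_rest_request(path: str) -> bool:
    """True when the request targets a REST WebServices prefix.

    The query string is stripped first so that a '?' cannot hide the prefix
    from a naive match.
    """
    return path.split("?", 1)[0].startswith(REST_PREFIXES)


def is_trusted_source(ip: str) -> bool:
    """True when the client address lies inside an allow-listed network.

    This is the same predicate a WAF or firewall allow-list encodes for the
    temporary mitigation in step 3; unparseable addresses are untrusted.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(lines: Iterable[str]) -> List[Dict]:
    """Return REST requests worth an analyst's attention, with reasons.

    'untrusted_source': the client is outside the trusted networks.
    'unauthenticated_success': a 2xx response with no authenticated principal,
    which is what a working authentication bypass looks like in the log.
    """
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_rest_request(rec["path"]):
            continue
        reasons = []
        if not is_trusted_source(rec["ip"]):
            reasons.append("untrusted_source")
        if rec["user"] == "-" and 200 <= rec["status"] < 300:
            reasons.append("unauthenticated_success")
        if reasons:
            findings.append({**rec, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["ts"], f["ip"], f["method"], f["path"], f["status"], ",".join(f["reasons"]))
```

Run on the sample, the first line (trusted host, named principal) is ignored, the 401 probe from 203.0.113.45 is reported as `untrusted_source`, and the 201 that follows it is reported with both reasons; that last pattern, a successful REST write with no principal, is the one to escalate. Feed the real log through `triage(open(path))` after setting the prefixes and networks for your environment.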