CISA adds one known exploited vulnerability to catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has incorporated a new vulnerability affecting Oracle Fusion Middleware into its Known Exploited Vulnerabilities (KEV) Catalog, identifying it as actively exploited and posing risks to federal systems.
The vulnerability, tracked as CVE-2025-61757, stems from missing authentication controls on critical functions of Oracle Fusion Middleware. It affects specific versions of the software, and exploitation proceeds through interfaces that are reachable without authentication. The advisory singles out this exploitation pathway, via unprotected critical functions, as what sets the flaw apart from vulnerability types that require prior authentication or involve other components.
Exploitation of this vulnerability can lead to unauthorized access to critical system functions, which has implications for system integrity and confidentiality as outlined in the advisory.
Mitigation options described include applying the vendor's patches where available. CISA notes that this vulnerability has been added to the KEV Catalog due to evidence of active exploitation, and federal agencies are mandated under Binding Operational Directive (BOD) 22-01 to address such vulnerabilities within prescribed timelines.
The advisory emphasizes that although BOD 22-01 is directed at Federal Civilian Executive Branch agencies, CISA recommends that all organizations consider prioritizing remediation of vulnerabilities listed in the KEV Catalog to reduce susceptibility to cyber threats. The agency commits to ongoing updates of the catalog as additional vulnerabilities meeting established criteria are confirmed.
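The prioritization the advisory recommends can be scripted against CISA's KEV feed, which is published as JSON with per-entry fields such as `cveID`, `vendorProject`, `product` and the BOD 22-01 `dueDate`. The example below is added here and is not code from CISA or the original article; it parses a constructed feed sample in the real feed's shape (the dates, the second entry and the asset inventory are placeholders, not catalog values) and reports which inventoried hosts are still exposed and how many days remain before the due date.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (field names match the
# real feed; the dates, second entry and descriptive text are placeholders).
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-61757",
            "vendorProject": "Oracle",
            "product": "Fusion Middleware",
            "vulnerabilityName": "Oracle Fusion Middleware Missing Authentication for Critical Function",
            "dateAdded": "2025-01-01",  # placeholder date
            "dueDate": "2025-01-22",    # placeholder date
        },
        {
            "cveID": "CVE-0000-00000",  # placeholder entry for a product not in the inventory
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder",
            "dateAdded": "2025-01-01",
            "dueDate": "2025-01-22",
        },
    ],
})

# Constructed asset inventory: what runs on each host and which CVEs are already patched there.
INVENTORY = [
    {"host": "app01", "vendorProject": "Oracle", "product": "Fusion Middleware", "patched": set()},
    {"host": "app02", "vendorProject": "Oracle", "product": "Fusion Middleware", "patched": {"CVE-2025-61757"}},
]

def _key(vendor, product):
    # Normalise vendor/product strings so feed and inventory spellings compare reliably.
    return (vendor.strip().lower(), product.strip().lower())

def kev_exposure(feed_json, inventory, today_iso):
    """List hosts still exposed to a KEV entry, nearest BOD 22-01 due date first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if _key(asset["vendorProject"], asset["product"]) != _key(entry["vendorProject"], entry["product"]):
                continue  # KEV entry is for a product this host does not run
            if entry["cveID"] in asset["patched"]:
                continue  # already remediated on this host
            findings.append({"host": asset["host"], "cveID": entry["cveID"], "dueDate": entry["dueDate"],
                             "daysLeft": (due - today).days, "overdue": today > due})
    return sorted(findings, key=lambda f: f["daysLeft"])
```

Against the live feed, replace `SAMPLE_KEV_FEED` with the downloaded JSON text and `INVENTORY` with your own asset data; a negative `daysLeft` means the due date has passed.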