CISA adds Oracle Fusion Middleware vulnerability to known exploited vulnerabilities catalog
CISA has included a new security vulnerability affecting Oracle Fusion Middleware in its Known Exploited Vulnerabilities (KEV) Catalog. This flaw involves a missing authentication mechanism for a critical function and has been associated with active exploitation incidents.
The added entry corresponds to CVE-2025-61757 and affects versions of Oracle Fusion Middleware in which the authentication check for an essential function is absent. The flaw can be triggered through interaction with the affected component, enabling unauthorized access. The advisory describes this issue on its own and does not relate it to other vulnerabilities.
Because the authentication check is missing, threat actors can reach the affected function and gain unauthorized system access, a risk to enterprise environments. The advisory cites active exploitation as the basis for the vulnerability's inclusion in the catalog.
Remediation consists of applying the fix indicated by Oracle and following related guidance. The advisory details no alternative mitigations or temporary workarounds, so patching is the only documented remedy.
The advisory references Binding Operational Directive (BOD) 22-01, which mandates remediation of vulnerabilities listed in the KEV Catalog by Federal Civilian Executive Branch agencies. While the directive is specific to these agencies, CISA recommends that all organizations incorporate remediation of cataloged vulnerabilities into their security practices to limit exposure to known attack vectors.