Severity
High
Analysis Summary
CVE-2025-61757 CVSS:9.8
An unspecified vulnerability in Oracle Identity Manager related to the REST WebServices component could allow a remote attacker to cause high confidentiality impact, high integrity impact and high availability impact.
CVE-2025-61752 CVSS:7.5
An unspecified vulnerability in Oracle WebLogic Server related to the Core component could allow a local attacker to cause high availability impact.
CVE-2025-61751 CVSS:8.1
An unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure related to the Platform component could allow a remote authenticated attacker to cause high confidentiality impact and high integrity impact.
Impact
- Code Execution
- Information Disclosure
Indicators of Compromise
CVE
CVE-2025-61757
CVE-2025-61752
CVE-2025-61751
Affected Vendors
Affected Products
- Oracle WebLogic Server 14.1.1.0.0
- Oracle Identity Manager 12.2.1.4.0
- Oracle Identity Manager 14.1.2.1.0
- Oracle WebLogic Server 14.1.2.0.0
- Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9
- Oracle Financial Services Analytical Applications Infrastructure 8.0.8.7
- Oracle Financial Services Analytical Applications Infrastructure 8.1.2.5
Remediation
Refer to Oracle Critical Patch Update Advisory - October 2025 for patch, upgrade or suggested workaround information.