CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

Discover a critical Oracle Identity Manager zero-day vulnerability and learn how to protect your systems from active attacks.

By Content Team

Nov 22, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

CISA has added a critical Oracle Identity Manager zero-day vulnerability (CVE-2025-64446) to its Known Exploited Vulnerabilities catalog after confirming active attacks in the wild. The flaw scores a devastating 9.8 on the CVSS scale and lets attackers remotely execute code without any authentication required.

The vulnerability poses a major threat to organizations relying on Oracle Identity Manager for access control. Federal agencies face a mandatory patching deadline under CISA's Binding Operational Directive 22-01. Organizations should immediately apply patches and check their systems for signs of compromise, as hackers are already exploiting this security hole.

Source: The Hacker News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Critical 'MongoBleed' Bug Under Active Attack, Patch Now

Jan 6, 2026

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026

TriZetto Provider Solutions Breach Hits 3.4 Million Patients

Mar 11, 2026

Chinese Hackers Hijacked Notepad++ Updates Through Hosting Provider Compromise

Feb 2, 2026