CISA has added a critical Oracle Identity Manager zero-day vulnerability (CVE-2025-64446) to its Known Exploited Vulnerabilities catalog after confirming active attacks in the wild. The flaw scores a devastating 9.8 on the CVSS scale and lets unauthenticated attackers remotely execute code.
The vulnerability poses a major threat to organizations relying on Oracle Identity Manager for access control. Federal agencies face a mandatory patching deadline under CISA's Binding Operational Directive 22-01. Organizations should immediately apply patches and check their systems for signs of compromise, as hackers are already exploiting this security hole.
Source: The Hacker News