The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle Fusion Middleware to its Known Exploited Vulnerabilities Catalog. The flaw, CVE-2025-61757, impacts the Identity Manager component and carries a CVSS score of 9.8, signifying that it is an easily exploitable issue that could allow an unauthenticated attacker to compromise and take over the component. Oracle first disclosed the vulnerability as part of its Critical Patch Update Advisory on October 21. According to the security firm that discovered it, exploitation of the flaw is likely “trivial”. The inclusion in CISA's catalog confirms that there are active, in-the-wild exploits of this vulnerability, raising the urgency for customers to apply security patches.