Critical Flaw in Oracle Identity Manager Under Active Exploitation
A critical vulnerability in Oracle Identity Manager is under active exploitation, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA has instructed all federal civilian executive branch agencies to ensure the vulnerability is patched by December 12, 2025, and strongly recommends that all users apply the available patches as soon as possible.
The vulnerability, tracked as CVE-2025-61757 with a CVSS base score of 9.8 out of 10, is a remote code execution flaw that an unauthenticated remote attacker can exploit over HTTP with little effort. Successful exploitation allows an attacker to execute arbitrary code on a vulnerable system and take over Oracle Identity Manager completely. The root cause is missing authentication for a critical function in the REST WebServices component of Oracle Fusion Middleware: a request can be crafted so that the security filter treats a protected endpoint as publicly accessible, which exposes a script-handling function that can be abused to run malicious code.
The vulnerability was identified by Searchlight Cyber researchers Adam Kues and Shubham Shah, who reported it to Oracle. The researchers found the flaw while investigating a security incident that exploited an older vulnerability, CVE-2021-35587. They note that, in contrast to some of the previously identified vulnerabilities in Oracle Access Manager, this flaw is relatively trivial and is easily exploitable by threat actors.
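The class of filter bypass described above, as an added example that is not Oracle's code and does not reproduce Oracle's actual filter rules: a hypothetical HTTP authorization filter whose public-endpoint check runs on the raw request-target, next to a hardened version that decides on the canonical path only and denies by default. The endpoint paths, the descriptor suffixes and the dispatch stub are assumptions made for the example.

```python
"""Hypothetical HTTP authorization filter: flawed vs. hardened (added example)."""
import posixpath
from urllib.parse import unquote, urlsplit

# ASSUMED: endpoints the application intends to serve without authentication.
PUBLIC_PATHS = {"/iam/governance/status", "/iam/governance/service.wsdl"}
# ASSUMED: the filter author wanted service descriptors (WSDL/WADL) reachable
# unauthenticated and encoded that intent as a suffix test on the request-target.
DESCRIPTOR_SUFFIXES = ("wsdl", "wadl")


def vulnerable_is_public(request_target: str) -> bool:
    """Flawed: tests the raw request-target, query string and path parameters
    included. Anything ending in 'wsdl'/'wadl' (for example '?WSDL' or ';.wadl'
    appended to a protected path) looks like a descriptor and is waved through."""
    lowered = request_target.lower()
    return lowered in PUBLIC_PATHS or lowered.endswith(DESCRIPTOR_SUFFIXES)


def canonical_path(request_target: str) -> str:
    """Reduce a request-target to the path the router will actually dispatch on:
    drop query/fragment, decode percent-escapes, strip ';param' path parameters,
    and collapse '.', '..' and '//' segments."""
    path = unquote(urlsplit(request_target).path)
    path = "/".join(segment.split(";", 1)[0] for segment in path.split("/"))
    path = posixpath.normpath(path)
    return path if path.startswith("/") else "/" + path


def hardened_is_public(request_target: str) -> bool:
    """Exact match of the canonical path against an explicit allowlist, deny by
    default. Descriptor files are listed individually instead of inferred from a suffix."""
    return canonical_path(request_target) in PUBLIC_PATHS


def dispatch(request_target: str, is_public, authenticated: bool = False) -> int:
    """Minimal stand-in for the filter chain: 401 unless the caller is authenticated
    or the filter declares the target public; 200 means the handler would run."""
    if authenticated or is_public(request_target):
        return 200
    return 401


if __name__ == "__main__":
    protected = "/iam/governance/scripts/compile"   # ASSUMED protected endpoint
    for target in (protected, protected + "?WSDL", protected + ";.wadl"):
        print(f"{target:45} flawed={dispatch(target, vulnerable_is_public)}"
              f" hardened={dispatch(target, hardened_is_public)}")
```

The hardened check has to run after the same normalization the servlet container applies when it routes the request; if the filter and the router disagree about what the path is, the attacker gets to pick whichever interpretation suits them.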
The vulnerability affects the supported versions 12.2.1.4.0 and 14.1.2.1.0. Oracle released patches in its October 2025 batch of security updates. Any users who have yet to download and install the patches should do so immediately, as the researchers have now published everything needed to exploit the flaw.
While it is unclear how widely the vulnerability is being exploited, it is likely to be a prime target for ransomware groups. Some evidence suggests that the flaw has been exploited since August 30, 2025, potentially by an advanced persistent threat actor.
The post Critical Flaw in Oracle Identity Manager Under Active Exploitation appeared first on The HIPAA Journal.
Critical Vulnerability Identified in Emerson Appleton UPSMON-PRO
A critical vulnerability has been identified in Emerson Appleton UPSMON-PRO, monitoring and power management software for uninterruptible power supplies. The software is used by healthcare and public health sector organizations to ensure power is maintained for essential equipment.
The vulnerability was identified by security researcher Kimiya, working with the Trend Micro Zero Day Initiative, who reported the issue to the Cybersecurity and Infrastructure Security Agency (CISA). The stack-based buffer overflow is tracked as CVE-2024-3871 and has been assigned a CVSS v3.1 base score of 9.3 (CVSS v4 9.8). It can be triggered by sending a specially crafted UDP packet to the default UDP port 2601: the packet overflows a fixed-size buffer on the stack and overwrites adjacent memory, including control data.
Because the UPSMONProService service does not properly validate the data it receives, successful exploitation could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
The vulnerability affects Appleton UPSMON-PRO versions 2.6 and earlier. Emerson has warned that the affected versions have reached end-of-life, so patches are not being released to fix the vulnerability. Any user who has yet to replace the affected UPSMON-PRO version with an actively supported UPS monitoring solution should do so as soon as possible.
While there is no patch, there are recommended mitigations to reduce the potential for exploitation. Users should block UDP port 2601 at the firewall for all UPSMON-PRO installations, isolate UPS monitoring networks from general corporate networks, use network-level packet filtering to reject oversized UDP packets to port 2601, and monitor UPSMON-ProSer.exe for crashes, which may indicate exploitation attempts.
CISA recommends ensuring that Emerson Appleton UPSMON-PRO is not accessible from the Internet, and if remote access is required, to ensure that secure methods are used to connect remotely, such as virtual private networks running the most up-to-date software version.
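One way to implement the packet-filtering and network-isolation mitigations above, as an added example that is not Emerson's or CISA's code: a filter run over raw IPv4/UDP datagrams that drops malformed packets, drops traffic to UDP 2601 that does not originate from the UPS monitoring subnet, and drops datagrams to 2601 whose payload exceeds an expected maximum. The monitoring subnet, the maximum payload size and the sample datagrams are assumptions constructed for the example; the size limit in particular must be measured from legitimate UPSMON-PRO traffic on your own network, which the advisory does not specify.

```python
"""Raw IPv4/UDP pre-filter for UPSMON-PRO traffic on UDP 2601 (added example)."""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

UPSMON_PORT = 2601
IPPROTO_UDP = 17
# ASSUMPTIONS for the example: the isolated UPS monitoring subnet, and the largest
# payload legitimate UPSMON-PRO traffic is expected to carry (measure this yourself).
MONITORING_NET = ipaddress.ip_network("10.0.5.0/24")
MAX_UPSMON_PAYLOAD = 128


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement checksum over an IPv4 header (even length)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_udp(frame: bytes) -> Optional[dict]:
    """Parse an IPv4/UDP datagram. Returns None for anything that is not a
    well-formed IPv4 packet carrying a UDP header and payload that fit inside it."""
    if len(frame) < 20:
        return None
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", frame[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl < 20 or len(frame) < ihl or total_len > len(frame):
        return None
    if ipv4_checksum(frame[:ihl]) != 0:        # a valid header checksums to zero
        return None
    if proto != IPPROTO_UDP or total_len < ihl + 8:
        return None
    sport, dport, udp_len, _udp_csum = struct.unpack("!HHHH", frame[ihl:ihl + 8])
    # UDP length covers header + payload and may not claim more than the IP packet holds.
    if udp_len < 8 or ihl + udp_len > total_len:
        return None
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "sport": sport, "dport": dport, "payload": frame[ihl + 8:ihl + udp_len]}


def filter_verdict(frame: bytes) -> Tuple[str, str]:
    """Return ('pass'|'drop', reason). Drops are what the firewall would enforce;
    'oversized-upsmon' is also the event to alert on and correlate with crashes."""
    pkt = parse_ipv4_udp(frame)
    if pkt is None:
        return ("drop", "malformed")
    if pkt["dport"] != UPSMON_PORT:
        return ("pass", "not-upsmon")
    if pkt["src"] not in MONITORING_NET:
        return ("drop", "unexpected-source")
    if len(pkt["payload"]) > MAX_UPSMON_PAYLOAD:
        return ("drop", "oversized-upsmon")
    return ("pass", "upsmon")


def summarize(frames: List[bytes]) -> Dict[str, int]:
    """Count verdicts over a batch of datagrams, keyed 'verdict:reason'."""
    counts: Dict[str, int] = {}
    for frame in frames:
        verdict, reason = filter_verdict(frame)
        counts[f"{verdict}:{reason}"] = counts.get(f"{verdict}:{reason}", 0) + 1
    return counts


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a raw IPv4/UDP datagram as sample input (UDP checksum left zero,
    which IPv4 permits; the IP header checksum is computed properly)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64,
                         IPPROTO_UDP, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + udp


# Constructed sample traffic for the example (not captured from any real system).
SAMPLE_LEGIT = build_ipv4_udp("10.0.5.20", "10.0.5.1", 2601, 2601, b"UPS STATUS OK")
SAMPLE_OVERSIZED = build_ipv4_udp("10.0.5.99", "10.0.5.1", 40000, 2601, b"A" * 600)
SAMPLE_FOREIGN = build_ipv4_udp("192.0.2.10", "10.0.5.1", 40000, 2601, b"UPS STATUS OK")
SAMPLE_OTHER_PORT = build_ipv4_udp("192.0.2.10", "10.0.5.1", 40000, 53, b"A" * 600)
SAMPLE_TRUNCATED = SAMPLE_OVERSIZED[:40]   # IP total length claims more bytes than present
SAMPLES = [SAMPLE_LEGIT, SAMPLE_OVERSIZED, SAMPLE_FOREIGN, SAMPLE_OTHER_PORT, SAMPLE_TRUNCATED]

if __name__ == "__main__":
    names = ["legit", "oversized", "foreign", "other-port", "truncated"]
    for name, frame in zip(names, SAMPLES):
        print(f"{name:>10}: {filter_verdict(frame)}")
```

Malformed datagrams are dropped rather than passed because a length field that disagrees with the bytes on the wire is exactly the kind of input a stack overflow in a UDP parser is triggered with. In production the same three rules belong on the firewall in front of the UPSMON-PRO host; the Python version is for validating the policy against captures and for feeding the "oversized-upsmon" events into the crash-monitoring the advisory recommends.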
The post Critical Vulnerability Identified in Emerson Appleton UPSMON-PRO appeared first on The HIPAA Journal.