CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning regarding a critical, actively exploited zero-day vulnerability in Oracle Identity Manager. This flaw poses a significant risk to affected systems.

The vulnerability, identified as CVE-2025-52054 with a severe CVSS score of 9.8, enables remote attackers to bypass authentication and gain unauthorized access. This could lead to a complete compromise of the system.

This critical issue affects Oracle Identity Manager versions 12.2.1.4.0, 12.2.1.4.230718, and 12.2.1.4.230725. Organizations using these versions are particularly vulnerable to attack.

CISA officially added this flaw to its Known Exploited Vulnerabilities (KEV) Catalog on November 21, 2025. Federal agencies are mandated to patch their systems against this vulnerability by December 12, 2025. You can find more details in CISA’s alert: CISA Adds One Known Exploited Vulnerability to Catalog.

This marks the second Oracle Identity Manager vulnerability added to the KEV catalog this year. The previous one, CVE-2025-2420, was another high-severity flaw. The ongoing exploitation indicates attackers are keen to target these systems.

Oracle addressed CVE-2025-52054 as part of its October 2025 Critical Patch Update (CPU). It is crucial for all organizations, not just federal agencies, to apply these patches without delay. Oracle’s security advisories provide essential information: Oracle Critical Patch Update Advisory – October 2025.

Reports suggest that threat actors are actively exploiting unpatched applications to establish persistent access and move laterally within compromised networks. The SANS Internet Storm Center also highlighted the severity: SANS ISC Diary.

Given the active exploitation and the critical nature of this vulnerability, organizations should review their systems, prioritize the deployment of the necessary updates, and monitor for any signs of compromise. Staying updated on the KEV catalog is also vital: CISA Known Exploited Vulnerabilities Catalog.
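The review-and-prioritize step above can be scripted. The following is an added example, not code from CISA or Oracle: it matches an asset inventory against a KEV-style record and reports the days left until the remediation due date. The inventory, host names, the non-affected version string and the product label are constructed assumptions; the CVE, dates and affected versions are the ones quoted in this article.

```python
"""KEV triage: match an asset inventory against KEV entries and their due dates."""
from datetime import date

# Constructed record shaped like an entry in CISA's KEV JSON feed; the CVE and
# both dates are the ones quoted in this article, the product label is assumed.
KEV_ENTRIES = [
    {"cveID": "CVE-2025-52054", "vendorProject": "Oracle",
     "product": "Identity Manager", "dateAdded": "2025-11-21",
     "dueDate": "2025-12-12"},
]

# Affected versions as listed in this article.
AFFECTED = {
    "CVE-2025-52054": {"12.2.1.4.0", "12.2.1.4.230718", "12.2.1.4.230725"},
}

# Constructed inventory; host names and the last version string are made up.
INVENTORY = [
    {"host": "oim-prod-01", "product": "Identity Manager", "version": "12.2.1.4.230718"},
    {"host": "oim-dr-01", "product": "Identity Manager", "version": "12.2.1.4.0"},
    {"host": "oim-test-01", "product": "Identity Manager", "version": "12.2.1.4.999999"},
]


def triage(kev_entries, affected, inventory, today):
    """Return (host, cve, days_left, status) per affected asset, most urgent first."""
    findings = []
    for entry in kev_entries:
        cve = entry["cveID"]
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset["product"] != entry["product"]:
                continue
            # Exact string match: versions not on the affected list are not flagged.
            if asset["version"] not in affected.get(cve, set()):
                continue
            days_left = (due - today).days
            status = "OVERDUE" if days_left < 0 else "DUE"
            findings.append((asset["host"], cve, days_left, status))
    return sorted(findings, key=lambda f: (f[2], f[0]))


if __name__ == "__main__":
    for host, cve, days_left, status in triage(KEV_ENTRIES, AFFECTED, INVENTORY, date(2025, 12, 1)):
        print(f"{status:8} {host:12} {cve} days_to_due={days_left}")
```

In practice the inventory would come from a CMDB or scanner export, and a version that is absent from the affected list still needs to be confirmed as patched rather than assumed safe.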

Amidst such critical threats, employing robust cybersecurity tools is paramount. Vulnerability scanners, for instance, are key in identifying weaknesses before attackers can exploit them, reinforcing overall security posture. See: Essential cybersecurity tools for 2025.

The ongoing exploitation of Oracle Identity Manager mirrors tactics seen in other campaigns, such as ShadowRay 2.0, where attackers relentlessly exploit unpatched vulnerabilities in AI frameworks for cryptomining. This underscores the persistent nature of threat actors. See: ShadowRay 2.0 exploits Ray AI flaw.

A recent critical flaw in Grafana’s SCIM component, with a CVSS score of 10.0, demonstrates how severe vulnerabilities can lead to user impersonation and privilege escalation. Such incidents underscore the urgency for immediate patching in critical systems like Oracle Identity Manager. See: Grafana patches critical SCIM flaw.