Oracle Fusion Middleware Identity Manager authentication bypass

Added: 11/24/2025

Background

Oracle Fusion Middleware is a platform for creating and running applications.

Problem

An authentication bypass vulnerability in the Identity Manager component allows remote attackers to execute arbitrary commands by appending ;.wadl to a URL.

Resolution

See Oracle Patch Availability Document 3105435.1 for patch information.

References

https://www.oracle.com/security-alerts/cpuoct2025.html
https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/

Platforms

Windows
Linux

Back to exploit index