WAF Release – November 21, 2025
A recent update to the Web Application Firewall (WAF) introduces a crucial detection for CVE-2025-61757. This vulnerability affects the Oracle Identity Manager REST WebServices component.
Key Findings
This security flaw enables an unauthenticated attacker with network access via HTTP to completely compromise Identity Manager, resulting in a full takeover of the affected system.
Impact
Exploiting CVE-2025-61757 in Oracle Identity Manager could permit a remote, unauthenticated attacker to bypass security measures by sending specially crafted requests to the application’s message processor. Successful exploitation allows the creation of unauthorized employee accounts, which can then be used to alter system configurations and ultimately lead to a complete system compromise.
A new detection rule has been added to the Cloudflare Managed Ruleset. The rule, identified by ID 39fdbe7e, is named “Oracle Identity Manager – Pre-Auth RCE – CVE:CVE-2025-61757” and targets this vulnerability. Its default action is Block.

