Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757)
Searchlight Cyber’s research team discovered a pre-authentication RCE vulnerability (CVE-2025-61757) in Oracle Identity Manager. The team bypassed the authentication filters using a .wadl extension, then achieved arbitrary code execution by leveraging Java’s annotation processor at compile time. The vulnerability could have been exploited to breach Oracle’s login service, similar to a previous incident.