PT-2025-4257 · Oracle · Oracle Weblogic Server

Published: 2025-01-21 · Updated: 2026-01-27 · CVE-2025-21535

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The vulnerable software is Oracle WebLogic Server, specifically the Core component of Oracle Fusion Middleware. The affected versions are 12.2.1.4.0 and 14.1.1.0.0. The issue allows an unauthenticated attacker with network access via the T3 or IIOP protocols to remotely compromise a WebLogic server, potentially leading to full server takeover. An exploit for this issue is available, and it is estimated that over 2.7 million exposed services may be vulnerable. The root cause is insufficient filtering of data received over the T3 and IIOP protocols, which allows remote code execution. Servers that accept T3 or IIOP connections from untrusted networks are the primary risk; a vendor fix is available, and more information about the issue and affected systems can be found in the vendor's advisory.
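Because the attack surface is the T3/IIOP listener, the first question for a defender is whether a host exposes T3 at all and which WebLogic version it announces. The script below is an added example written for this page, not code from the advisory or from Oracle: it sends the standard WebLogic T3 greeting, parses the server's HELO reply, and flags the two version strings the advisory lists. The sample reply is constructed for the offline test, not captured from a real host, and the host/port arguments are assumptions.

```python
"""T3 exposure check for the versions named in this advisory (added example).

Client greeting:  "t3 <ver>\nAS:<n>\nHL:<n>\nMS:<n>\n\n"
Server reply:     "HELO:<ver>.<true|false>\nAS:<n>\nHL:<n>\n\n"
This is the normal WebLogic T3 handshake; no exploit payload is involved.
"""
import re
import socket

# Versions listed as affected in the advisory (string match only; see caveat below).
AFFECTED_VERSIONS = {"12.2.1.4.0", "14.1.1.0.0"}

# Client side of the T3 handshake. The version we claim is not validated by the server.
T3_HELLO = b"t3 12.2.1\nAS:255\nHL:19\nMS:10000000\n\n"

# HELO:<dotted version>.<true|false>\n ... ; the flag is WebLogic's own, not ours.
HELO_RE = re.compile(rb"^HELO:(\d+(?:\.\d+)+)\.(true|false)\n")


def parse_t3_helo(data: bytes):
    """Return (version, flag) from a T3 HELO reply, or None if the bytes are not T3."""
    m = HELO_RE.match(data)
    if not m:
        return None
    return m.group(1).decode(), m.group(2) == b"true"


def is_affected(version: str) -> bool:
    """True when the announced version is one the advisory lists.

    Caveat: the HELO version does not change when a Critical Patch Update is
    applied, so a match means 'listed version, patch state unknown', not
    'confirmed vulnerable'. Confirm with the patch inventory on the host.
    """
    return version in AFFECTED_VERSIONS


def assess(data: bytes) -> dict:
    """Summarise a raw reply: is it T3, which version, does it match the advisory."""
    parsed = parse_t3_helo(data)
    if parsed is None:
        return {"t3": False, "version": None, "affected": False}
    version, _flag = parsed
    return {"t3": True, "version": version, "affected": is_affected(version)}


def probe_t3(host: str, port: int = 7001, timeout: float = 5.0) -> dict:
    """Send the T3 greeting to a live listener and assess the reply (network call)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(T3_HELLO)
        data = s.recv(1024)
    return assess(data)


# Constructed sample reply shaped like a 12.2.1.4.0 HELO; not a real capture.
SAMPLE_HELO = b"HELO:12.2.1.4.0.false\nAS:2048\nHL:19\n\n"
# Constructed non-T3 reply, e.g. what an HTTP-only listener returns to a T3 greeting.
SAMPLE_NOT_T3 = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python t3check.py <host> [port]   (host/port are assumptions)
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 7001
        print(probe_t3(sys.argv[1], port))
    else:
        print(assess(SAMPLE_HELO))
        print(assess(SAMPLE_NOT_T3))
```

Run it against your own listeners only. A T3 reply from an untrusted network segment is itself the finding, whatever the version says: the usual mitigations are applying the vendor patch and restricting T3/T3S and IIOP/IIOPS to trusted sources with a WebLogic network connection filter, since an unauthenticated attacker only needs to reach the port.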
#OracleWebLogicServer #Cybersecurity #Exploit #T3 #IIOP #OracleFusionMiddleware #ServerTakeover #infosec #oracle

Fix

RCE

Missing Authentication

Weakness Enumeration

Related Identifiers: BDU:2025-01245, CVE-2025-21535

Affected Products: Oracle WebLogic Server