PT-2025-42974 · Oracle · Oracle Weblogic Server

Published 2025-10-21 · Updated 2025-10-21 · CVE-2025-61752

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 14.1.1.0.0 through 14.1.2.0.0
Description: An easily exploitable issue exists in the Oracle WebLogic Server product of Oracle Fusion Middleware (Core component). An unauthenticated attacker with network access via HTTP/2 can compromise the server. Successful exploitation can lead to a denial of service, causing a hang or frequent crashes of the Oracle WebLogic Server.
Recommendations: Update Oracle WebLogic Server to a version beyond 14.1.2.0.0.

Fix

DoS

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-15858
CVE-2025-61752

Affected Products

Oracle Weblogic Server