PT-2025-42985 · Oracle · Oracle Weblogic Server

Published

2025-10-21

Updated

2025-10-22

CVE-2025-61764

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle WebLogic Server versions 12.2.1.4.0 Oracle WebLogic Server versions 14.1.1.0.0 Oracle WebLogic Server versions 14.1.2.0.0

Description An easily exploitable issue exists in the Oracle WebLogic Server Core component. An unauthenticated attacker with network access via HTTP can compromise the server. Successful exploitation may result in unauthorized read access to a subset of data accessible through Oracle WebLogic Server.

Recommendations Update Oracle WebLogic Server version 12.2.1.4.0 to a newer, fixed version. Update Oracle WebLogic Server version 14.1.1.0.0 to a newer, fixed version. Update Oracle WebLogic Server version 14.1.2.0.0 to a newer, fixed version.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2025-15860

CVE-2025-61764

Affected Products

Oracle Weblogic Server

PT-2025-42985 · Oracle · Oracle Weblogic Server

CVE-2025-61764

Weakness Enumeration

Related Identifiers

Affected Products

References · 7