CVE-2025-30762: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 or IIOP protocols to compromise Oracle WebLogic Server. The vulnerability was disclosed on July 15, 2025, and has been assigned a CVSS 3.1 Base Score of 7.5, indicating a high severity rating (NVD, Oracle CPU).

The vulnerability is characterized by missing authentication for critical functions (CWE-306). It can be exploited through network access via T3 and IIOP protocols. The CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and primarily impacts confidentiality (NVD).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. The vulnerability specifically impacts the confidentiality of the system, with no direct effects on integrity or availability (Oracle CPU).

Oracle has released security patches as part of the July 2025 Critical Patch Update. Organizations running affected versions (12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0) should apply these patches immediately. Until patches can be applied, organizations should consider restricting network access to T3 and IIOP protocols where possible (Oracle CPU).