CVE-2025-50064: 
Oracle WebLogic Server vulnerability analysis and mitigation

CVE-2025-50064 is a vulnerability discovered in Oracle WebLogic Server, a component of Oracle Fusion Middleware. The affected versions include 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. The vulnerability was initially disclosed on July 15, 2025, as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is classified as an easily exploitable vulnerability that allows high-privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. The vulnerability has received a CVSS 3.1 Base Score of 4.8 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates network vector access, low attack complexity, high privileges required, user interaction required, changed scope, and low impacts on confidentiality and integrity with no impact on availability (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data, as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. The vulnerability has the potential to significantly impact additional products beyond WebLogic Server due to scope change characteristics (NVD).

Oracle has released patches for all affected versions (12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0) as part of the July 2025 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible due to the threat posed by successful attacks (Oracle CPU).