CVE-2025-50073: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container) affects versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. The vulnerability requires human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.1, indicating MEDIUM severity. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which indicates network attack vector, low attack complexity, no privileges required, user interaction required, changed scope, and low impacts on confidentiality and integrity with no impact on availability (NVD). The vulnerability has been classified under CWE-285 (Improper Authorization) (NVD).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. The scope change indicates that the vulnerability may impact components beyond the vulnerable component itself (Oracle CPU).

Oracle has released patches for the affected versions (12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0) as part of the July 2025 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches without delay (Oracle CPU).