CVE-2025-61752: 
Oracle WebLogic Server vulnerability analysis and mitigation

A vulnerability has been identified in Oracle WebLogic Server's Core component (CVE-2025-61752). The affected versions are 14.1.1.0.0 and 14.1.2.0.0. This vulnerability was disclosed on October 21, 2025, and allows unauthenticated attackers with network access via HTTP/2 to compromise the WebLogic Server (Oracle CPU, NVD).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High severity) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N) or integrity (I:N), but high impact on availability (A:H). The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) (NVD).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. The impact is primarily focused on system availability, with no direct impact on data confidentiality or integrity (Oracle CPU).

Oracle has released patches for the affected versions (14.1.1.0.0 and 14.1.2.0.0) as part of the October 2025 Critical Patch Update. Organizations are strongly recommended to apply these security patches as soon as possible to address the vulnerability (Oracle CPU).