CVE-2025-61752: 
Oracle WebLogic Server vulnerability analysis and mitigation

A vulnerability has been identified in Oracle WebLogic Server (component: Core) affecting versions 14.1.1.0.0 and 14.1.2.0.0. The vulnerability (CVE-2025-61752) was disclosed on October 21, 2025, and is easily exploitable by unauthenticated attackers with network access via HTTP/2 (NVD, Oracle CPU).

The vulnerability has been assigned a CVSS 3.1 Base Score of 7.5 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The attack vector is network-accessible and requires no authentication or user interaction, making it particularly concerning. The vulnerability specifically affects the Core component of WebLogic Server and can be exploited through HTTP/2 protocol (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash, leading to a complete denial of service (DOS) of Oracle WebLogic Server. The vulnerability impacts only the availability aspect of the system, with no direct effect on confidentiality or integrity (NVD).

Oracle has released patches for the affected versions (14.1.1.0.0 and 14.1.2.0.0) as part of the October 2025 Critical Patch Update. Organizations are strongly advised to apply these security patches as soon as possible to address this vulnerability (Oracle CPU).