CVE-2025-61764: 
Oracle WebLogic Server vulnerability analysis and mitigation

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core) affects versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. This vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server, potentially resulting in unauthorized read access to a subset of Oracle WebLogic Server accessible data. The vulnerability was disclosed on October 21, 2025, with a CVSS 3.1 Base Score of 5.3 (Oracle CPU).

The vulnerability has been assigned a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed. The vulnerability primarily impacts confidentiality, with no direct effects on integrity or availability. The weakness is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. The confidentiality impact is rated as Low, while there are no direct impacts on system integrity or availability (Oracle CPU).

Oracle has released security patches as part of the October 2025 Critical Patch Update. Customers are strongly advised to apply these security patches as soon as possible. The patches are available for affected versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 (Oracle CPU).