CVE-2025-50064
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | weblogic_server | 14.1.2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle WebLogic Server, specifically in versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. It allows a highly privileged attacker with network access via HTTP to compromise the server. Exploitation requires human interaction from someone other than the attacker. Successful exploitation can lead to unauthorized update, insertion, or deletion of some accessible data, as well as unauthorized read access to a subset of accessible data within Oracle WebLogic Server.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker with high privileges and network access to perform unauthorized modifications (update, insert, delete) and unauthorized reading of some data on the Oracle WebLogic Server. This could lead to data compromise and potential disruption of services relying on the affected server.