CVE-2025-50073
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | weblogic_server | 14.1.2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle WebLogic Server component called Web Container. It affects specific supported versions (12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0). An unauthenticated attacker with network access via HTTP can exploit this vulnerability, but successful exploitation requires human interaction from someone other than the attacker. The vulnerability can lead to unauthorized read, insert, update, or delete access to some data accessible by Oracle WebLogic Server, potentially impacting additional products beyond WebLogic Server itself.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain unauthorized access to Oracle WebLogic Server data, including the ability to read, insert, update, or delete certain data. This can compromise the confidentiality and integrity of the data, potentially leading to data breaches, data manipulation, or disruption of services that rely on the affected server.