CVE-2025-61764
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | weblogic_server | 14.1.2.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Oracle WebLogic Server versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to exploit the server easily. The attacker can gain unauthorized read access to some data accessible by Oracle WebLogic Server without needing any privileges or user interaction.
How can this vulnerability impact me? :
The impact of this vulnerability is unauthorized disclosure of some data on the Oracle WebLogic Server. While it does not allow modification or denial of service, the confidentiality of certain information can be compromised by an attacker remotely without authentication.