Exploitation Risk in Oracle WebLogic Server by Oracle
CVE-2025-50064

4.8 MEDIUM

Key Information:

Vendor: Oracle

CVE Published: 15 July 2025

What is CVE-2025-50064?

A vulnerability in Oracle WebLogic Server could allow a high-privileged attacker with network access via HTTP to compromise the system. Successful exploitation requires interaction from a person other than the attacker, and it may enable unauthorized access to sensitive data. The affected versions are Oracle WebLogic Server 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. Successful attacks can result in unauthorized updates, insertions, and deletions of accessible data, as well as unauthorized read access to it, and the impact may extend beyond the WebLogic Server itself to other connected systems.

Affected Version(s)

Oracle WebLogic Server 12.2.1.4.0

Oracle WebLogic Server 14.1.1.0.0

Oracle WebLogic Server 14.1.2.0.0

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
