Vulnerability in Oracle WebLogic Server from Oracle Fusion Middleware
CVE-2025-50073

6.1MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Weblogic Server
Vendor: CVE Published:; 15 July 2025

What is CVE-2025-50073?

A vulnerability in Oracle WebLogic Server within Oracle Fusion Middleware’s Web Container allows unauthenticated attackers with network access via HTTP to exploit the server. Such attacks, which necessitate human interaction from an unintended user, put sensitive data at risk. Successful exploitation can result in unauthorized updates, insertions, deletions, and unauthorized read access to data within the server. Although primarily affecting Oracle WebLogic Server, the implications of this vulnerability may extend to other linked products, underscoring the need for immediate attention to security measures. Organizations utilizing the affected versions should take prompt actions to mitigate potential risks.

Affected Version(s)

Oracle WebLogic Server 12.2.1.4.0

Oracle WebLogic Server 14.1.1.0.0

Oracle WebLogic Server 14.1.2.0.0

References

https://www.oracle.com/security-alerts/cpujul2025.html

vendor-advisory

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2025
Vulnerability Reserved
Jun 11, 2025