CVE Alert: CVE-2025-61752 – Oracle Corporation – Oracle WebLogic Server

CVE-2025-61752

HIGH · No exploitation known

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS v3.1: 7.5
AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED
Vendor: Oracle Corporation
Product: Oracle WebLogic Server
Versions: 14.1.1.0.0 | 14.1.2.0.0
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: 2025-10-21T20:03:09.540Z
Updated: 2025-10-21T20:03:09.540Z

AI Summary Analysis

Risk verdict

High risk: unauthenticated network exploitation can cause a complete denial of service on Oracle WebLogic Server; patching should be treated as a priority.

Why this matters

The vulnerability enables anyone on the network to disrupt availability without credentials, risking outage of business-critical apps and customer-facing services. In organisations where WebLogic underpins core services, an attacker could degrade or interrupt operations, harming revenue and service reliability.

Most likely attack path

Exploitation originates at the network edge with no privileges required and no user interaction. An attacker sends crafted HTTP/2 requests to a vulnerable WebLogic Core component, triggering a crash or hang and causing sustained service downtime. The attack does not grant access to data, but repeatable DoS can force restarts and service disruption; lateral movement is limited by the vulnerability’s scope, but production availability is the primary target.

Who is most exposed

Entities running publicly reachable WebLogic instances (on-premises or cloud deployments) using versions 14.1.1.0.0 or 14.1.2.0.0 are at direct risk; organisations with exposed DMZ or multi-tenant environments are particularly vulnerable.

Detection ideas

  • Frequent WebLogic crashes or hang events and crash dumps in server logs.
  • Spikes in CPU or memory on WLS processes following unauthenticated requests on HTTP/2 endpoints.
  • Unusual surges in HTTP/2 traffic to WebLogic endpoints, without corresponding user activity.
  • Repeated failed/blocked external connection attempts to WLS service ports.
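As an added example (not part of this alert or of Oracle's own tooling), the Python sketch below implements the second and third detection ideas and ties them to the first: it flags unauthenticated clients that send bursts of HTTP/2 requests in constructed access-log lines, then pairs each burst with a server-state failure that follows in constructed server-log lines. The log field layout, the source addresses and the thresholds are assumptions, not WebLogic's actual format or a tuned baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample access log (not real WebLogic output). Assumed layout:
# date time c-ip cs-username cs-method cs-uri-stem sc-status cs-version
ACCESS_LOG = """\
2025-10-22 10:00:01 203.0.113.7 - GET /console/ 200 HTTP/2.0
2025-10-22 10:00:02 203.0.113.7 - GET /console/ 200 HTTP/2.0
2025-10-22 10:00:03 203.0.113.7 - GET /console/ 503 HTTP/2.0
2025-10-22 10:00:05 198.51.100.4 alice GET /app/home 200 HTTP/1.1
2025-10-22 10:00:07 203.0.113.7 - GET /console/ 503 HTTP/2.0
"""
# Constructed sample server log; only the timestamp and state keywords are used.
SERVER_LOG = """\
2025-10-22 10:00:30 <Critical> <WebLogicServer> Server state changed to FAILED
2025-10-22 10:01:10 <Notice> <WebLogicServer> Server state changed to RUNNING
"""

ACCESS_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (HTTP/\S+)$")
FAILURE_RE = re.compile(r"^(\S+ \S+) .*?(FAILED|hung|OutOfMemory)")

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def http2_surges(access_log, window=timedelta(seconds=60), threshold=3):
    """Unauthenticated IPs sending > threshold HTTP/2 requests inside any window -> burst start."""
    per_ip = defaultdict(list)
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts, ip, user, _method, _uri, _status, version = m.groups()
        if version.startswith("HTTP/2") and user == "-":   # unauthenticated HTTP/2 only
            per_ip[ip].append(parse_ts(ts))
    surges = {}
    for ip, times in per_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):          # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                surges[ip] = times[start]
                break
    return surges

def correlate(surges, server_log, lag=timedelta(minutes=5)):
    """Pair each burst with the first server failure logged within `lag` after it (or None)."""
    failures = [parse_ts(m.group(1)) for m in map(FAILURE_RE.match, server_log.splitlines()) if m]
    return {ip: next((f for f in failures if start <= f <= start + lag), None)
            for ip, start in surges.items()}
```

A burst with a paired failure is the strongest signal; a burst with `None` still merits rate-limiting at the edge while the patch is scheduled.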

Mitigation and prioritisation

  • Apply Oracle's fix to the affected versions 14.1.1.0.0 and 14.1.2.0.0 per the vendor advisory; schedule a maintenance window and verify in staging first.
  • Implement network controls: restrict access to WLS endpoints, enable WAF/rate-limiting, and consider temporarily disabling HTTP/2 on externally reachable listeners where the application tolerates it.
  • Monitor for crash dumps and abnormal restarts; establish alerting on sudden availability losses.
  • Change-management: test rollback plan; document patch validation and service-restoration steps.
  • If the CVE is added to CISA's Known Exploited Vulnerabilities (KEV) catalogue or its EPSS score is high, treat as Priority 1; otherwise maintain high-priority remediation.
