CVE-2025-30762

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.oracle.com/security-alerts/cpujul2025.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::*
	cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*

History

24 Jul 2025, 20:56

Type	Values Removed	Values Added
References	~~() https://www.oracle.com/security-alerts/cpujul2025.html -~~	() https://www.oracle.com/security-alerts/cpujul2025.html - Patch, Vendor Advisory
First Time		Oracle weblogic Server Oracle
CPE		cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:::::::* cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:::::::* cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:::::::*

16 Jul 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-15 20:15

Updated : 2025-07-24 20:56

NVD link : CVE-2025-30762

Mitre link : CVE-2025-30762

CVE.ORG link : CVE-2025-30762

JSON object : View

Products Affected

oracle

weblogic_server

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2025-30762", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert_us@oracle.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-15T20:15:30.567", "references": [{"url": "https://www.oracle.com/security-alerts/cpujul2025.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert_us@oracle.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles afectadas son 12.2.1.4.0, 14.1.1.0.0 y 14.1.2.0.0. Esta vulnerabilidad, f\u00e1cilmente explotable, permite a un atacante no autenticado con acceso a la red a trav\u00e9s de T3 e IIOP comprometer Oracle WebLogic Server. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de Oracle WebLogic Server. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (Afecta a la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."}], "lastModified": "2025-07-24T20:56:51.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"}, {"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FCA3D99-4596-4CF0-B5E1-7A6497F83B83"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}