CVE-2025-21535

Published Jan 21, 2025

Last updated 14 days ago

Overview

Description
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Source
secalert_us@oracle.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-306

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Oracle WebLogic Server vulnerability CVE-2025-21535 (CVSS 9.8) fixed: possible RCE https://t.co/JYSYn0jdlQ CVE-2025-21535 was already fixed in the January 2025 Critical Patch Update released last week, but because it is an RCE vulnerability, teams using the product should take care. Also, the previous WebLogic… https://t.co/egpaLpmhYR

    @iototsecnews

    3 Feb 2025

    129 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A critical vulnerability (CVE-2025-21535, CVSS 9.8) in Oracle WebLogic Server allows remote code execution via T3 and IIOP protocols. Patches are now available. 🛡️ #Oracle #WebLogic #USA link: https://t.co/76Arbniwm9 https://t.co/7rGLXxSOoF

    @TweetThreatNews

    27 Jan 2025

    127 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549) - Security Boulevard https://t.co/8aZnu9fjNt

    @PVynckier

    26 Jan 2025

    193 Impressions

    3 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. CVE-2025-21535 (CVSS 9.8): Vulnerability in Oracle WebLogic Server Could Lead to Remote Code Execution https://t.co/BFmQfvenHT

    @Dinosn

    24 Jan 2025

    2758 Impressions

    10 Retweets

    30 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. CVE-2025-21535 (CVSS 9.8): Vulnerability in Oracle WebLogic Server Could Lead to RCE Learn about the potential risks of the vulnerability in WebLogic Server. Stay protected from unauthenticated remote attacks that could exploit this critical flaw https://t.co/iqGbtiOrGW

    @the_yellow_fall

    24 Jan 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Oracle WebLogic Server remote code execution and denial-of-service vulnerability (CVE-2025-21535/CVE-2025-21549) Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549) #SecurityBoulevard (Jan 23) https://t.co/X1ajQEprzH

    @foxbook

    23 Jan 2025

    200 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-21535 Oracle WebLogic Server Easily Exploitable Unauthenticated RCE🔥 CVSS Score: 9.8 #vulmon #infosec #oracle https://t.co/J6b5SnLZXX

    @vulmoncom

    22 Jan 2025

    503 Impressions

    5 Retweets

    8 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  8. CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating 🔥 Easily exploitable vuln in the Core component allows an attacker to remotely compromise a WebLogic server. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/sN1DGRCdKW #cybersecurity #vulnerability_map ht

    @Netlas_io

    22 Jan 2025

    1014 Impressions

    9 Retweets

    18 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Alert🚨 CVE-2025-21535 : Critical Vulnerability in Oracle WebLogic Server 📊 2.7M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/sCnTqGaKO6 👇Query HUNTER :https://t.co/q9rtuGfZuz="Oracle WebLogic Server" FOFA :… https://t.co/G33l5AvtQs ht

    @HunterMapping

    22 Jan 2025

    1292 Impressions

    5 Retweets

    11 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-21535 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.… https://t.co/SOXQiPxRg4

    @CVEnew

    21 Jan 2025

    278 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. [CVE-2025-21535: CRITICAL] Critical Vulnerability in Oracle WebLogic Server: Unauthenticated attacker can exploit through T3, IIOP, leading to potential server takeover. Update affected versions immediately. #cybersecurity, #vulnerability https://t.co/gPtr5gBQcc https://t.co/9TrL7l

    @CveFindCom

    21 Jan 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes