CVE-2025-61752 – An unauthenticated remote attacker can exploit ... (How to Fix)

Q: What is the severity of CVE-2025-61752?

CVE-2025-61752 has a CVSS score of 7.5 (HIGH). An unauthenticated remote attacker can exploit this vulnerability in Oracle WebLogic Server via HTTP/2 to cause a denial of service, resulting in server crashes or hangs. This affects Oracle WebLogic Server 14.1.1.0.0 and 14.1.2.0.0 running in Oracle Fusion Middleware environments.

📋 TL;DR

An unauthenticated remote attacker can exploit this vulnerability in Oracle WebLogic Server via HTTP/2 to cause a denial of service, resulting in server crashes or hangs. This affects Oracle WebLogic Server 14.1.1.0.0 and 14.1.2.0.0 running in Oracle Fusion Middleware environments.

💻 Affected Systems

Products:

Oracle WebLogic Server

Versions: 14.1.1.0.0 and 14.1.2.0.0

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Core component of Oracle Fusion Middleware. HTTP/2 must be enabled, which is common in modern configurations.

📦 What is this software?

Weblogic Server by Oracle

View all CVEs affecting Weblogic Server →

Weblogic Server by Oracle

View all CVEs affecting Weblogic Server →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete unavailability of WebLogic Server, disrupting all applications and services hosted on it.

🟠

Likely Case

Frequent server crashes requiring manual restarts, causing significant service disruption.

🟢

If Mitigated

Limited impact if network access is restricted and proper monitoring is in place.

🌐 Internet-Facing: HIGH - Unauthenticated network access via HTTP/2 makes internet-facing servers prime targets.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CVSS describes as 'easily exploitable' with low attack complexity. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply patches from Oracle Critical Patch Update October 2025

Vendor Advisory: https://www.oracle.com/security-alerts/cpuoct2025.html

Restart Required: Yes

Instructions:

1. Download appropriate patches from Oracle Support. 2. Apply patches following Oracle's patch installation procedures. 3. Restart WebLogic Server instances. 4. Verify patch application.

🔧 Temporary Workarounds

Disable HTTP/2

all

Temporarily disable HTTP/2 protocol support to prevent exploitation via this vector

Modify WebLogic Server configuration to disable HTTP/2 protocol support

Network Access Control

all

Restrict network access to WebLogic Server administration ports

Configure firewall rules to limit access to trusted IP addresses only

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit access to WebLogic Server
Deploy Web Application Firewall (WAF) with DoS protection rules and monitor for attack patterns

🔍 How to Verify

Check if Vulnerable:

Check WebLogic Server version via console or command line. If running 14.1.1.0.0 or 14.1.2.0.0, system is vulnerable.

Check Version:

java weblogic.version

Verify Fix Applied:

Verify patch application through Oracle patch management tools and confirm version is no longer in vulnerable range.

📡 Detection & Monitoring

Log Indicators:

Unexpected server crashes or hangs
HTTP/2 protocol errors
Increased error rates in server logs

Network Indicators:

Unusual HTTP/2 traffic patterns
Multiple connection attempts from single sources

SIEM Query:

source="weblogic" AND (event_type="crash" OR event_type="hang" OR error_message="HTTP/2")

📊 Metadata

CVE ID: CVE-2025-61752

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-306

EPSS Score: 0.06% exploit probability (17th percentile)

Published: October 21, 2025

Last Updated: October 24, 2025

🔗 References

https://www.oracle.com/security-alerts/cpuoct2025.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61752, you might also want to check these: