Summary: Oracle has released a critical security advisory for WebLogic Server addressing a high-severity vulnerability, CVE-2025-21535, with a CVSS score of 9.8. This vulnerability allows unauthenticated remote attackers to execute arbitrary code on systems due to insufficient data filtering through T3 and IIOP protocols. Oracle has made patches available and provided temporary mitigation measures for affected organizations.
Affected: Oracle WebLogic Server
Keypoints :
- Vulnerability identified as CVE-2025-21535 with a CVSS score of 9.8.
- Exploits insufficient filtering of T3 and IIOP protocols, allowing remote code execution.
- Oracle has provided patches and temporary measures, such as restricting T3 protocol access and disabling IIOP.