This critical vulnerability in Oracle WebLogic Server allows an unauthenticated remote attacker to achieve a full system takeover, posing an extreme risk to infrastructure integrity.

This is a critical remote code execution vulnerability within the WebLogic Server Console. It is remotely exploitable by an unauthenticated attacker over HTTP with no user interaction required.

The CVSS 3.1 base score of 10.0 reflects the maximum severity of this flaw. Successful exploitation grants an attacker full control over the WebLogic environment, potentially leading to total data exfiltration, lateral movement within the network, and complete system compromise. This poses a catastrophic risk to organizational data confidentiality, integrity, and availability.

Immediate Action: Apply the latest Oracle Critical Patch Update (CPU) immediately to patch the affected WebLogic Server versions.

Proactive Monitoring: Review web server access logs for anomalous HTTP requests targeting the Console component and monitor system process integrity for unauthorized execution.

Compensating Controls: Deploy Web Application Firewall (WAF) rules to filter malicious traffic targeting WebLogic Console endpoints until the patch can be applied.

Public Exploit Available: Unknown

Given the CVSS score of 10.0 and the ease of exploitation, immediate patching is mandatory. Organizations must prioritize the deployment of vendor-supplied updates to prevent unauthorized system takeover.