CVE-2019-2725
ENISA EUVD: EUVD-2019-12364 ↗
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 5, 2026
5 articles
Published: 2019-04-26
EPSS Score: 94.47% (Source: FIRST.org · 2026-05-23)
This CVE has a 94.47% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs
CVSS v3.0: 7.5 HIGH (Source: VulnerabilityLookup (CIRCL))
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2 (legacy): 7.5 HIGH
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P
Description
Source: VulnerabilityLookup (CNA)
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Affected Products
Oracle Corporation
Tape Library ACSLS
8.5
Attack Intelligence
Exploits & PoC
shack2/javaserializetools
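Java deserialization vulnerability exploitation tool V1.0. A tool for checking Java deserialization-related vulnerabilities, developed with JDK 1.8 + NetBeans 8.2; JDK 1.8 or later must be installed to run the software. Supports: WebLogic XML deserialization vulnerabilities CVE-2017-10271/CNVD-C-2019-48814/CVE-20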
514
2020-10-01
lufeirider/CVE-2019-2725
CVE-2019-2725 command output echo
433
2023-05-08
SkyBlueEternal/CNVD-C-2019-48814-CNNVD-201904-961
CVE-2019-2725 PoC collection; updated with a PoC that bypasses the CVE-2017-10271 patch
105
2019-04-29
black-mirror/Weblogic
Weblogic CVE-2019-2725 CVE-2019-2729 Getshell command execution
70
2019-07-15
pimps/CVE-2019-2725
WebLogic Insecure Deserialization - CVE-2019-2725 payload builder & exploit
52
2019-09-26
jiansiting/CVE-2019-2725
WebLogic bypass and WLS remote execution
36
2019-06-15
21
2019-05-01
kerlingcode/CVE-2019-2725
CVE-2019-2725 bypass pocscan and exp
11
2019-06-21
7
2019-05-10
ianxtianxt/CVE-2019-2725
CVE-2019-2725
3
2019-11-05
2
2019-05-05
2
2019-06-11
GGyao/weblogic_2019_2725_wls_batch
WebLogic CVE-2019-2725 exploit.
2
2022-01-03
ludy-dev/Oracle-WLS-Weblogic-RCE
(CVE-2019-2725) Oracle WLS(Weblogic) RCE test script
2
2020-11-07
1
2019-05-02
0
2019-05-13
N0b1e6/CVE-2019-2725-POC
CVE-2019-2725-POC
0
2019-12-12
0
2021-07-16
CalegariMindSec/Exploit-CVE-2019-2725
A simple exploit for CVE-2019-2725.
0
2023-11-11
loursha/Oracle-Weblogic-Server-AsyncResponseService-Deserialization-Remote-Code-Execution-CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected a
0
2026-01-19
20 repos, sorted by ⭐
http://www.securityfocus.com/bid/108074
vdb-entry
x_refsource_BID
https://support.f5.com/csp/article/K90059138
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/46780/
exploit
x_refsource_EXPLOIT-DB
Signal Intelligence
Confidence: 85%
EPSS: 94.47%
CVSS v3.0: 7.5
Mentions: 5
Last Seen: Sep 04, 2023
CNA Information
CNA Assigner
oracle
Analyst Note
CVE-2019-2725 is explicitly labeled as a 0-day in the CERT-EU Security Advisory 2019-010. The vulnerability in Oracle WebLogic Server was disclosed and exploited in the wild in April 2019, with active attacks documented before patches were widely available. The high CVSS score (7.5) and unauthenticated network exploitation capability support the severity and real-world exploitation risk.
Threat Actors 1
APT 29
apt_group
Information theft and espionage
🇷🇺 RU
Triage Info
Decided at: Mar 05, 2026
Published Date: Apr 26, 2019