vul_app: oracle_weblogic_server_deserialization_remote_command_exec（Rule ID：1070210107）

Release Date：2025/9/15

Rule Name：CVE-2019-2725: Oracle WebLogic Server Deserialization Remote Command Execution /_async/ Bypass Vulnerability

Severity：critical

CVE ID：CVE-2019-2725

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference：None

Update vendor patches.