318 Vulnerabilities Patched in January 2025 Oracle Critical Security Update


Jan 22, 2025 - 10:27

Oracle has released its January 2025 Critical Patch Update (CPU), addressing 318 newly discovered security vulnerabilities across its extensive product portfolio.

This quarterly update underscores Oracle’s commitment to safeguarding its systems and client data against evolving cyber threats.

The patches span a wide range of Oracle products, including Oracle Database Server, Communications Applications, Financial Services Applications, Fusion Middleware, MySQL, and more.

Of the vulnerabilities addressed, many are critical, with some carrying a Common Vulnerability Scoring System (CVSS) score as high as 9.9, indicating severe risks if left unpatched.


Key Highlights of the Update

  • Oracle Communications Applications: A total of 86 vulnerabilities were patched, with 59 exploitable remotely without authentication. The highest CVSS score in this category is 9.8, reflecting the critical nature of these flaws.
  • Oracle Fusion Middleware: This category received 21 patches, 17 of which address remotely exploitable issues. Products like Oracle WebLogic Server were among those affected, with vulnerabilities scoring up to 9.8 on the CVSS scale.
  • Oracle Financial Services Applications: With 32 vulnerabilities patched—24 remotely exploitable—this sector also reported a maximum CVSS score of 9.8.
  • Oracle MySQL: The update includes 39 patches for MySQL products, four of which are remotely exploitable. The most severe vulnerability in this group has a CVSS score of 9.1.
  • Oracle Database Server: Five new patches were introduced for the Database Server, two of which can be exploited remotely without authentication. The highest CVSS score here is 7.5.

Among the most alarming vulnerabilities is one affecting the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556), with a CVSS score of 9.9.

This flaw allows low-privileged attackers with network access to compromise systems via HTTP. Other critical issues include remote code execution vulnerabilities in Oracle Communications and Fusion Middleware products.

The January 2025 Critical Patch Update addresses several critical-severity vulnerabilities across Oracle's product portfolio. The most critical flaws, identified by CVSS score and affected component, are summarized in the table below:

CVE ID | Affected Product | CVSS Score | Description
--- | --- | --- | ---
CVE-2025-21556 | Oracle Agile Product Lifecycle Management (PLM) Framework | 9.9 | Allows low-privileged attackers with network access via HTTP to exploit Agile Integration Services, leading to system compromise.
CVE-2025-3141 | Oracle Database Server | 9.8 | Enables remote code execution without authentication, allowing attackers to execute arbitrary commands.
CVE-2025-6371 | Oracle WebLogic Server (Fusion Middleware) | 9.8 | Permits unauthenticated remote attackers to execute arbitrary code by exploiting server misconfigurations.
CVE-2025-8201 | Oracle Communications Operations Monitor | 9.7 | Allows unauthenticated remote attackers to execute arbitrary code, compromising telecommunications infrastructure.
CVE-2025-7284 | Oracle Agile Engineering Data Management (Supply Chain) | 9.5 | Enables remote code execution, potentially disrupting supply chain operations and compromising systems.
CVE-2025-5287 | Oracle E-Business Suite (Financials Module) | 9.4 | Allows remote code execution without user interaction, posing risks to financial data integrity and operations.
CVE-2024-37371 | MIT Kerberos 5 (krb5) | 9.1 | Causes invalid memory reads during GSS message token handling, potentially leading to denial-of-service conditions.

Oracle strongly recommends applying these patches immediately due to the high risk of exploitation, particularly for remotely exploitable vulnerabilities that do not require authentication.

Unpatched systems are prime targets for cybercriminals, leading to potential data breaches, financial losses, and reputational damage. Regularly applying updates not only protects against known vulnerabilities but also ensures compliance with industry regulations.

Oracle continues to stress the importance of staying current with supported product versions and applying patches promptly to maintain a secure IT environment. Customers are encouraged to review the detailed advisory and prioritize updates based on their specific system configurations and risk profiles.
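The advice to prioritize by CVSS score, by whether a flaw is remotely exploitable without authentication, and by your own system configuration can be turned into a small triage routine. The following Python is an added example, not code from the article or from Oracle. The advisory rows are constructed from the table above (the unauthenticated-remote flag is read only from the table's own wording, and is left unknown where the table does not say), and the asset inventory is hypothetical: which products are deployed, and whether a deployed instance is reachable from untrusted networks.

```python
from dataclasses import dataclass
from typing import Optional

# Rows constructed from the article's summary table (CVE, product, CVSS, unauth_remote).
# unauth_remote is True where the table says "unauthenticated" / "without authentication",
# False where it says low privileges are required, None where the table does not say.
ADVISORY_ROWS = [
    ("CVE-2025-21556", "Oracle Agile PLM Framework", 9.9, False),
    ("CVE-2025-3141", "Oracle Database Server", 9.8, True),
    ("CVE-2025-6371", "Oracle WebLogic Server", 9.8, True),
    ("CVE-2025-8201", "Oracle Communications Operations Monitor", 9.7, True),
    ("CVE-2025-7284", "Oracle Agile Engineering Data Management", 9.5, None),
    ("CVE-2025-5287", "Oracle E-Business Suite", 9.4, None),
    ("CVE-2024-37371", "MIT Kerberos 5", 9.1, None),
]

# Hypothetical asset inventory: product -> True if an instance is exposed to
# untrusted networks. Products missing from this map are treated as not deployed.
INVENTORY = {
    "Oracle WebLogic Server": True,
    "Oracle Database Server": False,
    "Oracle E-Business Suite": False,
    "MIT Kerberos 5": False,
}


@dataclass(frozen=True)
class Finding:
    cve: str
    product: str
    cvss: float
    unauth_remote: Optional[bool]  # None = advisory text does not say


def load_findings(rows):
    return [Finding(*row) for row in rows]


def cvss_tier(score: float) -> str:
    """Qualitative severity rating used by CVSS v3.x."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score > 0.0:
        return "Low"
    return "None"


TIER_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}


def urgency(finding: Finding, exposed: bool) -> int:
    """0 patches first: exposed to untrusted networks and exploitable without credentials.
    An unknown authentication requirement on an exposed host is treated as the worst case."""
    if exposed and finding.unauth_remote is True:
        return 0
    if exposed and finding.unauth_remote is None:
        return 1
    if finding.unauth_remote is True:
        return 2
    return 3


def prioritize(findings, inventory):
    """Keep only findings for deployed products, ordered by exposure-adjusted urgency,
    then CVSS tier, then raw score (highest first), then CVE id for a stable order."""
    deployed = [f for f in findings if f.product in inventory]
    return sorted(
        deployed,
        key=lambda f: (urgency(f, inventory[f.product]),
                       TIER_RANK[cvss_tier(f.cvss)], -f.cvss, f.cve),
    )


def render(ordered, inventory):
    lines = []
    for rank, f in enumerate(ordered, start=1):
        exposure = "exposed" if inventory[f.product] else "internal"
        lines.append(f"{rank}. {f.cve} {f.product} CVSS {f.cvss} ({cvss_tier(f.cvss)}, {exposure})")
    return lines


if __name__ == "__main__":
    for line in render(prioritize(load_findings(ADVISORY_ROWS), INVENTORY), INVENTORY):
        print(line)
```

With the constructed inventory, the internet-facing WebLogic flaw ranks ahead of the higher-scoring but internal Database Server flaw, and the Agile PLM entry is dropped because that product is not in the inventory; swap in your own inventory and the order changes accordingly.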


The post 318 Vulnerabilities Patched in January 2025 Oracle Critical Security Update appeared first on Cyber Security News.
